Scan Results

QualysGuard Enterprise Suite

August 30, 2013

Kevin Lanning
uncch_kl
Manager
UNC - Chapel Hill
211 Manning Drive
Chapel Hill, North Carolina 27599
United States of America
Created: 08/30/2013 at 10:56:08 (GMT-0400)


Report Summary

Launch Date: 03/23/2013 at 05:12:03 (GMT-0400)
Active Hosts: 10
Total Hosts: 10
Type: Scheduled
Status: Finished
Reference: scan/1364029818.89789
Scanner Appliances: ITS_Manning_v2 (Scanner 6.10.29-1, Vulnerability Signatures 2.2.390-2)
Duration: 13:50:51
Authentication: Windows authentication failed for 1 host, Unix/Cisco IOS authentication failed for 5 hosts, ORACLE authentication failed for 7 ORACLE instances, Windows authentication was successful for 551 hosts, Unix/Cisco IOS authentication was successful for 143 hosts, ORACLE authentication was successful for 9 ORACLE instances
Title: Change Plan # 16236
Asset Groups: SAI_Comp110, SAI_Comp401, SAI_Comp410, SAI_Comp411, SAI_Comp523
IPs: 123.1.1.1234, 123.1.1.1224, 135.5.2.123, 4.4.4.4444, 71.2.3.1111, 321.3.3.4321, 666.6.6.6667, 9.8.7.6543, 123.4.5.6789, 24.6.8.1012
Excluded IPs: -
Option Profile: UNC Standard Scan w authentication (Preferred), All TCP ports

Detailed Results

Severity: 2
Title: TCP Sequence Number Approximation Based Denial of Service
QID: 82054
Category: TCP/IP
CVE ID: CVE-2004-0230
Vendor Reference: -
Bugtraq ID: 10183
Service Modified: 02/02/2010
User Modified: -
Edited: No
PCI Vuln: No
CVSS Base: 5
CVSS Temporal: 4.2
THREAT:
TCP provides stateful communications between hosts on a network. TCP sessions are established by a three-way handshake and use random 32-bit sequence and acknowledgement numbers to ensure the validity of traffic. A vulnerability was reported that may permit TCP sequence numbers to be more easily approximated by remote attackers. This issue affects products released by multiple vendors.

The cause of the vulnerability is that affected implementations will accept TCP sequence numbers within a certain range, known as the acknowledgement range, of the expected sequence number for a packet in the session. This is determined by the TCP window size, which is negotiated during the three-way handshake for the session. Larger TCP window sizes may be set to allow for more throughput, but the larger the TCP window size, the more probable it is to guess a TCP sequence number that falls within an acceptable range. It was initially thought that guessing an acceptable sequence number was relatively difficult for most implementations given random distribution, making this type of attack impractical. However, some implementations may make it easier to successfully approximate an acceptable TCP sequence number, making these attacks possible with a number of protocols and implementations.

This is further compounded by the fact that some implementations may support the use of the TCP Window Scale Option, as described in RFC 1323, to extend the TCP window size to a maximum value of 1 billion.

This vulnerability will permit a remote attacker to inject a SYN or RST packet into the session, causing it to be reset and effectively allowing for denial of service attacks. An attacker would exploit this issue by sending a packet to a receiving implementation with an approximated sequence number and a forged source IP address and TCP port.

There are a few factors that may present viable target implementations, such as those which depend on long-lived TCP connections, those that have known or easily guessed IP address endpoints and those implementations with easily guessed TCP source ports. It has been noted that Border Gateway Protocol (BGP) is reported to be particularly vulnerable to this type of attack, due to the use of long-lived TCP sessions and the possibility that some implementations may use the TCP Window Scale Option. As a result, this issue is likely to affect a number of routing platforms.

Another factor to consider is the relative difficulty of injecting packets into TCP sessions, as a number of receiving implementations will reassemble packets in order, dropping any duplicates. This may make some implementations more resistant to attacks than others.

It should be noted that while a number of vendors have confirmed this issue in various products, investigations are ongoing and it is likely that many other vendors and products will turn out to be vulnerable as the issue is investigated further.

IMPACT:
Successful exploitation of this issue could lead to denial of service attacks on the TCP based services of target hosts.
SOLUTION:
Please first check the results section below for the port number on which this vulnerability was detected. If that port number is known to be used for port-forwarding, then it is the backend host that is really vulnerable.

Various implementations and products including Check Point, Cisco, Cray Inc, Hitachi, Internet Initiative Japan, Inc (IIJ), Juniper Networks, NEC, Polycom, and Yamaha are currently undergoing review. Contact the vendors to obtain more information about affected products and fixes. NISCC Advisory 236929 - Vulnerability Issues in TCP details the vendor patch status as of the time of the advisory, and identifies resolutions and workarounds.

Refer to US-CERT Vulnerability Note VU#415294 and OSVDB Article 4030 to obtain a list of vendors affected by this issue and a note on resolutions (if any) provided by the vendor.

For Microsoft: Refer to MS05-019 and MS06-064 for further details.

For SGI IRIX: Refer to SGI Security Advisory 20040905-01-P

For SCO UnixWare 7.1.3 and 7.1.1: Refer to SCO Security Advisory SCOSA-2005.14

For Solaris (Sun Microsystems): The vendor has acknowledged the vulnerability; however a patch is not available. Refer to Sun Microsystems, Inc. Information for VU#415294 to obtain additional details. Also, refer to TA04-111A for detailed mitigating strategies against these attacks.

For NetBSD: Refer to NetBSD-SA2004-006

For Cisco: Refer to cisco-sa-20040420-tcp-ios.shtml.

For Red Hat Linux: There is no fix available.

Workaround:
The following BGP-specific workaround information has been provided.

For BGP implementations that support it, the TCP MD5 Signature Option should be enabled. Passwords that the MD5 checksum is applied to should be set to strong values and changed on a regular basis.

Secure BGP configuration instructions have been provided for Cisco and Juniper at these locations:
Secure Cisco IOS BGP Template
JUNOS Secure BGP Template

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
Reference: CVE-2004-0230
Description: MS Windows 2K/XP TCP Connection Reset Remote Attack Tool - The Exploit-DB Ref : 276
Link: http://www.exploit-db.com/exploits/276

Reference: CVE-2004-0230
Description: TCP Connection Reset Remote Exploit - The Exploit-DB Ref : 291
Link: http://www.exploit-db.com/exploits/291

Reference: CVE-2004-0230
Description: Multiple Vendor TCP Sequence Number Approximation Vulnerability (1) - The Exploit-DB Ref : 24030
Link: http://www.exploit-db.com/exploits/24030

Reference: CVE-2004-0230
Description: Multiple Vendor TCP Sequence Number Approximation Vulnerability (2) - The Exploit-DB Ref : 24031
Link: http://www.exploit-db.com/exploits/24031

Reference: CVE-2004-0230
Description: Multiple Vendor TCP Sequence Number Approximation Vulnerability (3) - The Exploit-DB Ref : 24032
Link: http://www.exploit-db.com/exploits/24032

Reference: CVE-2004-0230
Description: Multiple Vendor TCP Sequence Number Approximation Vulnerability (4) - The Exploit-DB Ref : 24033
Link: http://www.exploit-db.com/exploits/24033
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Tested on port 22 with an injected SYN/RST offset by 16 bytes.

Severity: 3
Title: OpenSSH Commands Information Disclosure Vulnerability
QID: 42382
Category: General remote services
CVE ID: CVE-2012-0814
Vendor Reference: OpenSSH Forced Command Information Disclosure
Bugtraq ID: -
Service Modified: 05/10/2012
User Modified: -
Edited: No
PCI Vuln: No
CVSS Base: 3.5
CVSS Temporal: 2.6
THREAT:
OpenSSH is a set of computer programs providing encrypted communication sessions over a computer network using the SSH protocol.

Openssh-server could allow a remote attacker to obtain sensitive information because of the improper handling of forced commands.

IMPACT:
Only authenticated users can exploit this vulnerability to obtain usernames and other sensitive information.
SOLUTION:
Upgrade to OpenSSH 5.7 or later, available from the OpenSSH Web site.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

OpenSSH 5.7 (OpenSSH)

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
SSH-2.0-OpenSSH_5.4p1 FreeBSD-20100308

Severity: 3
Title: OpenSSH sftp Resource Exhaustion Vulnerability
QID: 42383
Category: General remote services
CVE ID: CVE-2010-4755
Vendor Reference: OpenSSH
Bugtraq ID: -
Service Modified: 08/14/2012
User Modified: -
Edited: No
PCI Vuln: Yes
CVSS Base: 4
CVSS Temporal: 3.1
THREAT:
OpenSSH is a set of computer programs providing encrypted communication sessions over a computer network using the SSH protocol.

The vulnerability exists in the following OpenSSH functions:
1. The remote_glob function in sftp-glob.c and
2. The process_put function in sftp.c

Affected Versions:
OpenSSH versions 5.8 and earlier in FreeBSD, NetBSD and OpenBSD.

IMPACT:
Successful exploitation allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon.
SOLUTION:
Upgrade to the latest version of OpenSSH, available from the OpenSSH Web site.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

OpenSSH (OpenSSH)

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
SSH-2.0-OpenSSH_5.4p1 FreeBSD-20100308

Severity: 3
Title: OpenSSH J-PAKE Session Key Retrieval Vulnerability
QID: 42384
Category: General remote services
CVE ID: CVE-2010-4478
Vendor Reference: OpenSSH J-PAKE
Bugtraq ID: 45304
Service Modified: 03/01/2013
User Modified: -
Edited: No
PCI Vuln: Yes
CVSS Base: 7.5
CVSS Temporal: 5.5
THREAT:
OpenSSH is a set of computer programs providing encrypted communication sessions over a computer network using the SSH protocol.

OpenSSH, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol. This allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol.

Affected Software:
OpenSSH versions 5.6 and prior.

IMPACT:
Successful exploitation allows an attacker to gain access to the remote system.
SOLUTION:
Upgrade to OpenSSH 5.7 or later, available from the OpenSSH Web site.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

OpenSSH J-PAKE

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
SSH-2.0-OpenSSH_5.4p1 FreeBSD-20100308
SSH-2.0-OpenSSH_5.4p1 FreeBSD-20100308

Severity: 3
Title: Remote Access or Management Service Detected
QID: 42017
Category: General remote services
CVE ID: -
Vendor Reference: -
Bugtraq ID: -
Service Modified: 10/17/2011
User Modified: -
Edited: No
PCI Vuln: No
THREAT:
A remote access or remote management service was detected. If such a service is accessible to malicious users, it can be used to carry out different types of attacks. Malicious users could try to brute force credentials or collect additional information on the service, which could help them craft further attacks.

The Results section includes information on the remote access service that was found on the target.

Services like Telnet, Rlogin, SSH, windows remote desktop, pcAnywhere, Citrix Management Console, Remote Admin (RAdmin), VNC, OPENVPN and ISAKMP are checked.

IMPACT:
Consequences vary by the type of attack.
SOLUTION:
Expose the remote access or remote management services only to the system administrators or intended users of the system.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Service name: SSH on TCP port 22.
Service name: SSH on TCP port 2222.

Severity: 2
Title: Operating System Detected
QID: 45017
Category: Information gathering
CVE ID: -
Vendor Reference: -
Bugtraq ID: -
Service Modified: 02/09/2005
User Modified: -
Edited: No
PCI Vuln: No
THREAT:
Several different techniques can be used to identify the operating system (OS) running on a host. A short description of these techniques is provided below. The specific technique used to identify the OS on this host is included in the RESULTS section of your report.

1) TCP/IP Fingerprint: The operating system of a host can be identified from a remote system using TCP/IP fingerprinting. All underlying operating system TCP/IP stacks have subtle differences that can be seen in their responses to specially-crafted TCP packets. According to the results of this "fingerprinting" technique, the OS version is among those listed below.

Note that if one or more of these subtle differences are modified by a firewall or a packet filtering device between the scanner and the host, the fingerprinting technique may fail. Consequently, the version of the OS may not be detected correctly. If the host is behind a proxy-type firewall, the version of the operating system detected may be that for the firewall instead of for the host being scanned.

2) NetBIOS: Short for Network Basic Input Output System, an application programming interface (API) that augments the DOS BIOS by adding special functions for local-area networks (LANs). Almost all LANs for PCs are based on the NetBIOS. Some LAN manufacturers have even extended it, adding additional network capabilities. NetBIOS relies on a message format called Server Message Block (SMB).

3) PHP Info: PHP is a hypertext pre-processor, an open-source, server-side, HTML-embedded scripting language used to create dynamic Web pages. Under some configurations it is possible to call PHP functions like phpinfo() and obtain operating system information.

4) SNMP: The Simple Network Monitoring Protocol is used to monitor hosts, routers, and the networks to which they attach. The SNMP service maintains Management Information Base (MIB), a set of variables (database) that can be fetched by Managers. These include "MIB_II.system.sysDescr" for the operating system.

IMPACT:
Not applicable.
SOLUTION:
Not applicable.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Operating System | Technique | ID
FreeBSD | TCP/IP Fingerprint | U5517:22

Severity: 2
Title: SMTP Banner
Port/Service: port 25/tcp
QID: 74042
Category: Mail services
CVE ID: -
Vendor Reference: -
Bugtraq ID: -
Service Modified: 03/11/2003
User Modified: -
Edited: No
PCI Vuln: No
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
220 mxip0i.isis.unc.edu ESMTP

Severity: 1
Title: DNS Host Name
QID: 6
Category: Information gathering
CVE ID: -
Vendor Reference: -
Bugtraq ID: -
Service Modified: 01/01/1999
User Modified: -
Edited: No
PCI Vuln: No
THREAT:
The fully qualified domain name of this host, if it was obtained from a DNS server, is displayed in the RESULT section.
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
IP address | Host name
152.2.0.72 | mxip0i.isis.unc.edu

Severity: 1
Title: Firewall Detected
QID: 34011
Category: Firewall
CVE ID: -
Vendor Reference: -
Bugtraq ID: -
Service Modified: 10/16/2001
User Modified: -
Edited: No
PCI Vuln: No
THREAT:
A packet filtering device protecting this IP was detected. This is likely to be a firewall or a router using access control lists (ACLs).
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Some of the ports filtered by the firewall are: 2869.
Firewall responded to TCP probes sent to port 21 with RST packets (hopcount to firewall 2 vs hopcount to target 3).

Severity: 1
Title: Target Network Information
QID: 45004
Category: Information gathering
CVE ID: -
Vendor Reference: -
Bugtraq ID: -
Service Modified: 08/15/2013
User Modified: -
Edited: No
PCI Vuln: No
THREAT:
The information shown in the Result section was returned by the network infrastructure responsible for routing traffic from our cloud platform to the target network (where the scanner appliance is located).

This information was returned from: 1) the WHOIS service, or 2) the infrastructure provided by the closest gateway server to our cloud platform. If your ISP is routing traffic, your ISP's gateway server returned this information.

IMPACT:
This information can be used by malicious users to gather more information about the network infrastructure that may help in launching attacks against it.
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
The network handle is: UNCCH-NET
Network description:
University of North Carolina at Chapel Hill

Severity: 1
Title: Internet Service Provider
QID: 45005
Category: Information gathering
CVE ID: -
Vendor Reference: -
Bugtraq ID: -
Service Modified: 08/15/2013
User Modified: -
Edited: No
PCI Vuln: No
THREAT:
The information shown in the Result section was returned by the network infrastructure responsible for routing traffic from our cloud platform to the target network (where the scanner appliance is located).

This information was returned from: 1) the WHOIS service, or 2) the infrastructure provided by the closest gateway server to our cloud platform. If your ISP is routing traffic, your ISP's gateway server returned this information. This information was gathered using the WHOIS service for the network and is believed to be the ISP of the target network.

IMPACT:
This information can be used by malicious users to gather more information about the network infrastructure that may aid in launching further attacks against it.
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
The ISP network handle is: UNCCH-NET
ISP Network description:
University of North Carolina at Chapel Hill

Severity: 1
Title: Traceroute
QID: 45006
Category: Information gathering
CVE ID: -
Vendor Reference: -
Bugtraq ID: -
Service Modified: 05/09/2003
User Modified: -
Edited: No
PCI Vuln: No
THREAT:
Traceroute describes the path in realtime from the scanner to the remote host being contacted. It reports the IP addresses of all the routers in between.
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HopsIPRound Trip TimeProbe
1152.2.20.10.41msICMP
2152.19.253.1051.70msICMP
3152.2.0.721.38msICMP

Severity: 1
Title: Host Scan Time
QID: 45038
Category: Information gathering
CVE ID: -
Vendor Reference: -
Bugtraq ID: -
Service Modified: 11/18/2004
User Modified: -
Edited: No
PCI Vuln: No
THREAT:
The Host Scan Time is the period of time it takes the scanning engine to perform the vulnerability assessment of a single target host. The Host Scan Time for this host is reported in the Result section below.

The Host Scan Time does not have a direct correlation to the Duration time as displayed in the Report Summary section of a scan results report. The Duration is the period of time it takes the service to perform a scan task. The Duration includes the time it takes the service to scan all hosts, which may involve parallel scanning. It also includes the time it takes for a scanner appliance to pick up the scan task and transfer the results back to the service's Secure Operating Center. Further, when a scan task is distributed across multiple scanners, the Duration includes the time it takes to perform parallel host scanning on all scanners.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Scan duration: 509 seconds

Start time: Sat, Mar 23 2013, 09:12:03 GMT

End time: Sat, Mar 23 2013, 09:20:32 GMT

Severity: 1
Title: Host Names Found
QID: 45039
Category: Information gathering
CVE ID: -
Vendor Reference: -
Bugtraq ID: -
Service Modified: 02/14/2005
User Modified: -
Edited: No
PCI Vuln: No
THREAT:
The following host names were discovered for this computer using various methods such as DNS look up, NetBIOS query, and SQL server name query.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Host Name | Source
mxip0i.isis.unc.edu | FQDN

Severity: 1
Title: Open TCP Services List
QID: 82023
Category: TCP/IP
CVE ID: -
Vendor Reference: -
Bugtraq ID: -
Service Modified: 06/15/2009
User Modified: -
Edited: No
PCI Vuln: No
THREAT:
The port scanner enables unauthorized users with the appropriate tools to draw a map of all services on this host that can be accessed from the Internet. The test was carried out with a "stealth" port scanner so that the server does not log real connections.

The Results section displays the port number (Port), the default service listening on the port (IANA Assigned Ports/Services), the description of the service (Description) and the service that the scanner detected using service discovery (Service Detected).

IMPACT:
Unauthorized users can exploit this information to test vulnerabilities in each of the open services.
SOLUTION:
Shut down any unknown or unused service on the list. If you have difficulty figuring out which service is provided by which process or program, contact your provider's support team. For more information about commercial and open-source Intrusion Detection Systems available for detecting port scanners of this kind, visit the CERT Web site.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Port | IANA Assigned Ports/Services | Description | Service Detected | OS On Redirected Port
22 | ssh | SSH Remote Login Protocol | ssh |
25 | smtp | Simple Mail Transfer | smtp |
443 | https | http protocol over TLS/SSL | http over ssl |
2222 | unreg-ab2 | Allen-Bradley unregistered port | ssh |

Severity: 1
Title: ICMP Replies Received
QID: 82040
Category: TCP/IP
CVE ID: -
Vendor Reference: -
Bugtraq ID: -
Service Modified: 01/16/2003
User Modified: -
Edited: No
PCI Vuln: No
THREAT:
ICMP (Internet Control and Error Message Protocol) is a protocol encapsulated in IP packets. ICMP's principal purpose is to provide a protocol layer that informs gateways of the inter-connectivity and accessibility of other gateways or hosts.

We have sent the following types of packets to trigger the host to send us ICMP replies:

Echo Request (to trigger Echo Reply)
Timestamp Request (to trigger Timestamp Reply)
Address Mask Request (to trigger Address Mask Reply)
UDP Packet (to trigger Port Unreachable Reply)
IP Packet with Protocol >= 250 (to trigger Protocol Unreachable Reply)

Listed in the "Result" section are the ICMP replies that we have received.

SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
ICMP Reply Type | Triggered By | Additional Information
Echo (type=0 code=0) | Echo Request | Echo Reply
Unreachable (type=3 code=3) | UDP Port 1035 | Port Unreachable
Unreachable (type=3 code=3) | UDP Port 51101 | Port Unreachable
Unreachable (type=3 code=3) | UDP Port 7306 | Port Unreachable
Unreachable (type=3 code=3) | UDP Port 26274 | Port Unreachable
Unreachable (type=3 code=3) | UDP Port 98 | Port Unreachable
Unreachable (type=3 code=3) | UDP Port 1054 | Port Unreachable
Unreachable (type=3 code=3) | UDP Port 1042 | Port Unreachable
Unreachable (type=3 code=3) | UDP Port 1600 | Port Unreachable
Unreachable (type=3 code=3) | UDP Port 520 | Port Unreachable
Unreachable (type=3 code=3) | UDP Port 1981 | Port Unreachable
Time Stamp (type=14 code=0) | Time Stamp Request | 09:12:05 GMT

Severity: 1
Title: Degree of Randomness of TCP Initial Sequence Numbers
QID: 82045
Category: TCP/IP
CVE ID: -
Vendor Reference: -
Bugtraq ID: -
Service Modified: 11/19/2004
User Modified: -
Edited: No
PCI Vuln: No
THREAT:
TCP Initial Sequence Numbers (ISNs) obtained in the SYNACK replies from the host are analyzed to determine how random they are. The average change between subsequent ISNs and the standard deviation from the average are displayed in the RESULT section. Also included is the degree of difficulty for exploitation of the TCP ISN generation scheme used by the host.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Average change between subsequent TCP initial sequence numbers is 1127576392 with a standard deviation of 556987702. These TCP initial sequence numbers were triggered by TCP SYN probes sent to the host at an average rate of 1/(7186 microseconds). The degree of difficulty to exploit the TCP initial sequence number generation scheme is: hard.

Severity: 1
Title: IP ID Values Randomness
QID: 82046
Category: TCP/IP
CVE ID: -
Vendor Reference: -
Bugtraq ID: -
Service Modified: 07/27/2006
User Modified: -
Edited: No
PCI Vuln: No
THREAT:
The values for the identification (ID) field in IP headers in IP packets from the host are analyzed to determine how random they are. The changes between subsequent ID values for either the network byte ordering or the host byte ordering, whichever is smaller, are displayed in the RESULT section along with the duration taken to send the probes. When incremental values are used, as is the case for TCP/IP implementation in many operating systems, these changes reflect the network load of the host at the time this test was conducted.

Please note that for reliability reasons only the network traffic from open TCP ports is analyzed.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
IP ID changes observed (network order) for port 22: 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
Duration: 21 milli seconds

Severity: 1
Title: Unix Authentication Not Attempted
QID: 105297
Category: Security Policy
CVE ID: -
Vendor Reference: -
Bugtraq ID: -
Service Modified: 04/20/2006
User Modified: -
Edited: No
PCI Vuln: No
THREAT:
Unix authentication was enabled but it was not performed for this particular host because the host's IP address is not included in any Unix authentication records.
IMPACT:
Vulnerabilities that require Unix authentication may not be detected.
SOLUTION:
To allow Unix authentication on this host, include the host's IP address in a Unix authentication record.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
No results available

Severity: 1
Title: Default Web Page
Port/Service: port 443/tcp over SSL
QID: 12230
Category: CGI
CVE ID: -
Vendor Reference: -
Bugtraq ID: -
Service Modified: 06/19/2006
User Modified: -
Edited: No
PCI Vuln: No
THREAT:
The Result section displays the default Web page for the Web server.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Server: glass/1.0 Python/2.6.4
Date: Sat, 23 Mar 2013 09:12:40 GMT
Content-Type: text/html
Set-Cookie: sid=ZuJKFAfS0tzMIbapbzim; expires=Monday, 25-Mar-2013 09:12:40 GMT; httponly; Path=/; secure
Cache-Control: no-store,no-cache,must-revalidate,max-age=0,post-check=0,pre-check=0
Expires: Sat, 23 Mar 2013 09:12:40 GMT
Last-Modified: Sat, 23 Mar 2013 09:12:40 GMT
Location: https://152.2.0.72/login?CSRFKey=bf23b08c-5e65-4111-b527-0dc635a34c8d&referrer=https%3A%2F%2F152.2.0.72%2Fdefault

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html40/loose.dtd">

<html>
<head>
<title>: Redirecting </title>
<meta http-equiv="Refresh" content="0; URL=https://152.2.0.72/login?CSRFKey=bf23b08c-5e65-4111-b527-0dc635a34c8d&referrer=https%3A%2F%2F152.2.0.72%2Fdefault" />


</head>
<body><h1>Redirecting</h1>

<p>
Click <a href="https://152.2.0.72/login?CSRFKey=bf23b08c-5e65-4111-b527-0dc635a34c8d&referrer=https%3A%2F%2F152.2.0.72%2Fdefault">here</a> if y

Severity: 1
Title: SSL Server Information Retrieval
Port/Service: port 443/tcp over SSL
QID: 38116
Category: General remote services
CVE ID: -
Vendor Reference: -
Bugtraq ID: -
Service Modified: 07/28/2005
User Modified: -
Edited: No
PCI Vuln: No
THREAT:

The following is a list of supported SSL ciphers. Note: If a cipher is included in this list, it means that it was possible to establish an SSL connection using that cipher. Some web server setups allow connections to be established using a LOW grade cipher, only to provide a web page stating that the URL is accessible only through a non-LOW grade cipher. In this case, even though the LOW grade cipher will be listed here, QID 38140 will not be reported.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
SSLv2_PROTOCOL_IS_DISABLED
SSLv3_PROTOCOL_IS_ENABLED
SSLv3 | COMPRESSION_METHOD | None
RC4-SHA | RSA | RSA | SHA1 | RC4(128) | MEDIUM
RC4-MD5 | RSA | RSA | MD5 | RC4(128) | MEDIUM
TLSv1_PROTOCOL_IS_ENABLED
TLSv1 | COMPRESSION_METHOD | None
RC4-SHA | RSA | RSA | SHA1 | RC4(128) | MEDIUM
RC4-MD5 | RSA | RSA | MD5 | RC4(128) | MEDIUM

Severity: 1
Title: SSL Session Caching Information
Port/Service: port 443/tcp over SSL
QID: 38291
Category: General remote services
CVE ID: -
Vendor Reference: -
Bugtraq ID: -
Service Modified: 09/16/2004
User Modified: -
Edited: No
PCI Vuln: No
THREAT:
SSL session is a collection of security parameters that are negotiated by the SSL client and server for each SSL connection. SSL session caching is targeted to reduce the overhead of negotiations in recurring SSL connections. SSL sessions can be reused to resume an earlier connection or to establish multiple simultaneous connections. The client suggests an SSL session to be reused by identifying the session with a Session-ID during SSL handshake. If the server finds it appropriate to reuse the session, then they both proceed to secure communication with already known security parameters.

This test determines if SSL session caching is enabled on the host.

IMPACT:
SSL session caching is part of the SSL and TLS protocols and is not a security threat. The result of this test is for informational purposes only.
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
SSLv3 session caching is enabled on the target.
TLSv1 session caching is enabled on the target.
Expand Severity Title Port/Service
1
SSL/TLS invalid protocol version tolerance port 443/tcp over SSL
QID:
38597
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
02/13/2012
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
SSL/TLS protocols have different versions that can be supported by both the client and the server. This test sends invalid protocol versions to the target to determine the target's behavior. The results section contains a table that shows the target's response to each of our tests.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
my version	target version
0304	0301
0399	0301
0400	rejected
0499	rejected
Expand Severity Title Port/Service
1
TLS Secure Renegotiation Extension Supported port 443/tcp over SSL
QID:
42350
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
12/01/2011
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Secure Socket Layer (SSL) and Transport Layer Security (TLS) renegotiation are vulnerable to an attack in which the attacker forms a TLS connection with the target server, injects content of his choice, and then splices in a new TLS connection from a client. The server treats the client's initial TLS handshake as a renegotiation and thus believes that the initial data transmitted by the attacker is from the same entity as the subsequent client data. The TLS protocol was extended to cryptographically tie renegotiations to the TLS connections they are being performed over. This is referred to as the TLS secure renegotiation extension. This detection determines whether the TLS secure renegotiation extension is supported by the server or not.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
TLS Secure Renegotiation Extension Status: not supported.
Expand Severity Title Port/Service
1
SSL Certificate - Information port 443/tcp over SSL
QID:
86002
Category:
Web server
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/23/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
NAME	VALUE
(0)CERTIFICATE 0
(0)Version	3 (0x2)
(0)Serial Number	0e:43:27:2c:e7:93
(0)Signature Algorithm	sha1WithRSAEncryption
(0)ISSUER NAME
countryName	US
stateOrProvinceName	Arizona
localityName	Scottsdale
organizationName	"GoDaddy.com, Inc."
organizationalUnitName	http://certificates.godaddy.com/repository
commonName	Go Daddy Secure Certification Authority
serialNumber	07969287
(0)SUBJECT NAME
organizationName	*.isis.unc.edu
organizationalUnitName	Domain Control Validated
commonName	*.isis.unc.edu
(0)Valid From	Dec 22 20:06:48 2009 GMT
(0)Valid Till	Dec 22 20:06:48 2014 GMT
(0)Public Key Algorithm	rsaEncryption
(0)RSA Public Key	(2048 bit)
(0) Public-Key: (2048 bit)
(0) Modulus:
(0) Exponent: 65537 (0x10001)
(0)X509v3 EXTENSIONS
(0)X509v3 Basic Constraints	critical
(0) CA:FALSE
(0)X509v3 Extended Key Usage TLS Web Server Authentication, TLS Web Client Authentication
(0)X509v3 Key Usage	critical
(0) Digital Signature, Key Encipherment
(0)X509v3 CRL Distribution Points
(0) Full Name:
(0) URI:http://crl.godaddy.com/gds1-12.crl
(0)X509v3 Certificate Policies Policy: 2.16.840.1.114413.1.7.23.1
(0) CPS: http://certificates.godaddy.com/repository/
(0)Authority Information Access OCSP - URI:http://ocsp.godaddy.com/
(0) CA Issuers - URI:http://certificates.godaddy.com/repository/gd_intermediate.crt
(0)X509v3 Authority Key Identifier keyid:FD:AC:61:32:93:6C:45:D6:E2:EE:85:5F:9A:BA:E7:76:99:68:CC:E7
(0)X509v3 Subject Alternative Name DNS:*.isis.unc.edu, DNS:isis.unc.edu
(0)X509v3 Subject Key Identifier C1:AE:28:7A:CA:E6:FC:6B:71:BE:5E:40:38:E5:BD:99:24:A3:D5:27
(0)Signature(256 octets)
(1)CERTIFICATE 1
(1)Version	3 (0x2)
(1)Serial Number	0e:43:27:2c:e7:93
(1)Signature Algorithm	sha1WithRSAEncryption
(1)ISSUER NAME
countryName	US
stateOrProvinceName	Arizona
localityName	Scottsdale
organizationName	"GoDaddy.com, Inc."
organizationalUnitName	http://certificates.godaddy.com/repository
commonName	Go Daddy Secure Certification Authority
serialNumber	07969287
(1)SUBJECT NAME
organizationName	*.isis.unc.edu
organizationalUnitName	Domain Control Validated
commonName	*.isis.unc.edu
(1)Valid From	Dec 22 20:06:48 2009 GMT
(1)Valid Till	Dec 22 20:06:48 2014 GMT
(1)Public Key Algorithm	rsaEncryption
(1)RSA Public Key	(2048 bit)
(1) Public-Key: (2048 bit)
(1) Modulus:
(1) Exponent: 65537 (0x10001)
(1)X509v3 EXTENSIONS
(1)X509v3 Basic Constraints	critical
(1) CA:FALSE
(1)X509v3 Extended Key Usage TLS Web Server Authentication, TLS Web Client Authentication
(1)X509v3 Key Usage	critical
(1) Digital Signature, Key Encipherment
(1)X509v3 CRL Distribution Points
(1) Full Name:
(1) URI:http://crl.godaddy.com/gds1-12.crl
(1)X509v3 Certificate Policies Policy: 2.16.840.1.114413.1.7.23.1
(1) CPS: http://certificates.godaddy.com/repository/
(1)Authority Information Access OCSP - URI:http://ocsp.godaddy.com/
(1) CA Issuers - URI:http://certificates.godaddy.com/repository/gd_intermediate.crt
(1)X509v3 Authority Key Identifier keyid:FD:AC:61:32:93:6C:45:D6:E2:EE:85:5F:9A:BA:E7:76:99:68:CC:E7
(1)X509v3 Subject Alternative Name DNS:*.isis.unc.edu, DNS:isis.unc.edu
(1)X509v3 Subject Key Identifier C1:AE:28:7A:CA:E6:FC:6B:71:BE:5E:40:38:E5:BD:99:24:A3:D5:27
(1)Signature(256 octets)
Expand Severity Title Port/Service
1
SSH daemon information retrieving port 22/tcp
QID:
38047
Category:
General remote services
CVE ID:
CVE-1999-0634
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
04/21/2009
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
SSH is a secure protocol, provided it is fully patched, properly configured, and uses FIPS approved algorithms.


For Red Hat ES 4:-

SSH1 supported					yes

Supported authentification methods for SSH1	RSA,password

Supported ciphers for SSH1			3des,blowfish

SSH2 supported					yes

Supported keys exchange algorithm for SSH2	diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

Supported decryption ciphers for SSH2		aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr

Supported encryption ciphers for SSH2		aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr

Supported decryption mac for SSH2		hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

Supported encryption mac for SSH2		hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

Supported authentification methods for SSH2	publickey,gssapi-with-mic,password

IMPACT:
Successful exploitation allows an attacker to execute arbitrary commands on the SSH server or otherwise subvert an encrypted SSH channel with arbitrary data.
SOLUTION:
SSH version 2 is preferred over SSH version 1.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
SSH1 supported	no
SSH2 supported	yes
Supported keys exchange algorithm for SSH2	diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1
Supported decryption ciphers for SSH2	aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se
Supported encryption ciphers for SSH2	aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se
Supported decryption mac for SSH2	hmac-md5, hmac-sha1, umac-64@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-sha1-96, hmac-md5-96
Supported encryption mac for SSH2	hmac-md5, hmac-sha1, umac-64@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-sha1-96, hmac-md5-96
Supported authentication methods for SSH2	password, publickey, keyboard-interactive
Expand Severity Title Port/Service
1
SSH Banner port 22/tcp
QID:
38050
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
02/04/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
SSH-2.0-OpenSSH_5.4p1 FreeBSD-20100308
Expand Severity Title Port/Service
1
SSL Server Information Retrieval port 25/tcp over SSL
QID:
38116
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
07/28/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:

The following is a list of supported SSL ciphers. Note: If a cipher is included in this list, it was possible to establish an SSL connection using that cipher. Some web server setups allow connections to be established using a LOW grade cipher, only to serve a web page stating that the URL is accessible only through a non-LOW grade cipher. In this case, even though the LOW grade cipher is listed here, QID 38140 will not be reported.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
SSLv2_PROTOCOL_IS_DISABLED
SSLv3_PROTOCOL_IS_ENABLED
SSLv3 COMPRESSION_METHOD None
RC4-SHA RSA RSA SHA1 RC4(128) MEDIUM
RC4-MD5 RSA RSA MD5 RC4(128) MEDIUM
TLSv1_PROTOCOL_IS_ENABLED
TLSv1 COMPRESSION_METHOD None
RC4-SHA RSA RSA SHA1 RC4(128) MEDIUM
RC4-MD5 RSA RSA MD5 RC4(128) MEDIUM
Expand Severity Title Port/Service
1
SSL Session Caching Information port 25/tcp over SSL
QID:
38291
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
09/16/2004
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
An SSL session is a collection of security parameters negotiated by the SSL client and server for each SSL connection. SSL session caching is intended to reduce the overhead of negotiations in recurring SSL connections. SSL sessions can be reused to resume an earlier connection or to establish multiple simultaneous connections. The client suggests an SSL session to be reused by identifying the session with a Session-ID during the SSL handshake. If the server finds it appropriate to reuse the session, both proceed to secure communication with the already known security parameters.

This test determines if SSL session caching is enabled on the host.

IMPACT:
SSL session caching is part of the SSL and TLS protocols and is not a security threat. The result of this test is for informational purposes only.
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
SSLv3 session caching is enabled on the target.
TLSv1 session caching is enabled on the target.
Expand Severity Title Port/Service
1
TLS Secure Renegotiation Extension Supported port 25/tcp over SSL
QID:
42350
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
12/01/2011
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Secure Socket Layer (SSL) and Transport Layer Security (TLS) renegotiation are vulnerable to an attack in which the attacker forms a TLS connection with the target server, injects content of his choice, and then splices in a new TLS connection from a client. The server treats the client's initial TLS handshake as a renegotiation and thus believes that the initial data transmitted by the attacker is from the same entity as the subsequent client data. The TLS protocol was extended to cryptographically tie renegotiations to the TLS connections they are being performed over. This is referred to as the TLS secure renegotiation extension. This detection determines whether the TLS secure renegotiation extension is supported by the server or not.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
TLS Secure Renegotiation Extension Status: not supported.
Expand Severity Title Port/Service
1
SSL Certificate - Information port 25/tcp over SSL
QID:
86002
Category:
Web server
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/23/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
NAME	VALUE
(0)CERTIFICATE 0
(0)Version	3 (0x2)
(0)Serial Number	0e:43:27:2c:e7:93
(0)Signature Algorithm	sha1WithRSAEncryption
(0)ISSUER NAME
countryName	US
stateOrProvinceName	Arizona
localityName	Scottsdale
organizationName	"GoDaddy.com, Inc."
organizationalUnitName	http://certificates.godaddy.com/repository
commonName	Go Daddy Secure Certification Authority
serialNumber	07969287
(0)SUBJECT NAME
organizationName	*.isis.unc.edu
organizationalUnitName	Domain Control Validated
commonName	*.isis.unc.edu
(0)Valid From	Dec 22 20:06:48 2009 GMT
(0)Valid Till	Dec 22 20:06:48 2014 GMT
(0)Public Key Algorithm	rsaEncryption
(0)RSA Public Key	(2048 bit)
(0) Public-Key: (2048 bit)
(0) Modulus:
(0) Exponent: 65537 (0x10001)
(0)X509v3 EXTENSIONS
(0)X509v3 Basic Constraints	critical
(0) CA:FALSE
(0)X509v3 Extended Key Usage TLS Web Server Authentication, TLS Web Client Authentication
(0)X509v3 Key Usage	critical
(0) Digital Signature, Key Encipherment
(0)X509v3 CRL Distribution Points
(0) Full Name:
(0) URI:http://crl.godaddy.com/gds1-12.crl
(0)X509v3 Certificate Policies Policy: 2.16.840.1.114413.1.7.23.1
(0) CPS: http://certificates.godaddy.com/repository/
(0)Authority Information Access OCSP - URI:http://ocsp.godaddy.com/
(0) CA Issuers - URI:http://certificates.godaddy.com/repository/gd_intermediate.crt
(0)X509v3 Authority Key Identifier keyid:FD:AC:61:32:93:6C:45:D6:E2:EE:85:5F:9A:BA:E7:76:99:68:CC:E7
(0)X509v3 Subject Alternative Name DNS:*.isis.unc.edu, DNS:isis.unc.edu
(0)X509v3 Subject Key Identifier C1:AE:28:7A:CA:E6:FC:6B:71:BE:5E:40:38:E5:BD:99:24:A3:D5:27
(0)Signature(256 octets)
(1)CERTIFICATE 1
(1)Version	3 (0x2)
(1)Serial Number	0e:43:27:2c:e7:93
(1)Signature Algorithm	sha1WithRSAEncryption
(1)ISSUER NAME
countryName	US
stateOrProvinceName	Arizona
localityName	Scottsdale
organizationName	"GoDaddy.com, Inc."
organizationalUnitName	http://certificates.godaddy.com/repository
commonName	Go Daddy Secure Certification Authority
serialNumber	07969287
(1)SUBJECT NAME
organizationName	*.isis.unc.edu
organizationalUnitName	Domain Control Validated
commonName	*.isis.unc.edu
(1)Valid From	Dec 22 20:06:48 2009 GMT
(1)Valid Till	Dec 22 20:06:48 2014 GMT
(1)Public Key Algorithm	rsaEncryption
(1)RSA Public Key	(2048 bit)
(1) Public-Key: (2048 bit)
(1) Modulus:
(1) Exponent: 65537 (0x10001)
(1)X509v3 EXTENSIONS
(1)X509v3 Basic Constraints	critical
(1) CA:FALSE
(1)X509v3 Extended Key Usage TLS Web Server Authentication, TLS Web Client Authentication
(1)X509v3 Key Usage	critical
(1) Digital Signature, Key Encipherment
(1)X509v3 CRL Distribution Points
(1) Full Name:
(1) URI:http://crl.godaddy.com/gds1-12.crl
(1)X509v3 Certificate Policies Policy: 2.16.840.1.114413.1.7.23.1
(1) CPS: http://certificates.godaddy.com/repository/
(1)Authority Information Access OCSP - URI:http://ocsp.godaddy.com/
(1) CA Issuers - URI:http://certificates.godaddy.com/repository/gd_intermediate.crt
(1)X509v3 Authority Key Identifier keyid:FD:AC:61:32:93:6C:45:D6:E2:EE:85:5F:9A:BA:E7:76:99:68:CC:E7
(1)X509v3 Subject Alternative Name DNS:*.isis.unc.edu, DNS:isis.unc.edu
(1)X509v3 Subject Key Identifier C1:AE:28:7A:CA:E6:FC:6B:71:BE:5E:40:38:E5:BD:99:24:A3:D5:27
(1)Signature(256 octets)
Expand Severity Title Port/Service
1
SSL Web Server Version port 443/tcp
QID:
86001
Category:
Web server
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/01/1999
User Modified:
-
Edited:
No
PCI Vuln:
No
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Server Version	Server Banner
_glass/1.0 Python/2.6.4
Expand Severity Title Port/Service
1
List of Web Directories port 443/tcp
QID:
86672
Category:
Web server
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
09/10/2004
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Based largely on the HTTP reply code, the following directories are most likely present on the host.
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Directory	Source
/css/	brute force
Expand Severity Title Port/Service
1
SSH daemon information retrieving port 2222/tcp
QID:
38047
Category:
General remote services
CVE ID:
CVE-1999-0634
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
04/21/2009
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
SSH is a secure protocol, provided it is fully patched, properly configured, and uses FIPS approved algorithms.


For Red Hat ES 4:-

SSH1 supported					yes

Supported authentification methods for SSH1	RSA,password

Supported ciphers for SSH1			3des,blowfish

SSH2 supported					yes

Supported keys exchange algorithm for SSH2	diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

Supported decryption ciphers for SSH2		aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr

Supported encryption ciphers for SSH2		aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr

Supported decryption mac for SSH2		hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

Supported encryption mac for SSH2		hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

Supported authentification methods for SSH2	publickey,gssapi-with-mic,password

IMPACT:
Successful exploitation allows an attacker to execute arbitrary commands on the SSH server or otherwise subvert an encrypted SSH channel with arbitrary data.
SOLUTION:
SSH version 2 is preferred over SSH version 1.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
SSH1 supported	no
SSH2 supported	yes
Supported keys exchange algorithm for SSH2	diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1
Supported decryption ciphers for SSH2	aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se
Supported encryption ciphers for SSH2	aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se
Supported decryption mac for SSH2	hmac-md5, hmac-sha1, umac-64@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-sha1-96, hmac-md5-96
Supported encryption mac for SSH2	hmac-md5, hmac-sha1, umac-64@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-sha1-96, hmac-md5-96
Supported authentication methods for SSH2	password, publickey, keyboard-interactive
Expand Severity Title Port/Service
1
SSH Banner port 2222/tcp
QID:
38050
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
02/04/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
SSH-2.0-OpenSSH_5.4p1 FreeBSD-20100308
Expand Severity Title Port/Service
4
Red Hat Update for Kernel (RHSA-2013-0621)
 
QID:
121010
Category:
Local
CVE ID:
CVE-2013-0268 CVE-2013-0871
Vendor Reference
RHSA-2013-0621
Bugtraq ID:
-
Service Modified:
03/14/2013
User Modified:
-
Edited:
No
PCI Vuln:
Yes
CVSS Base:
6.9
CVSS Temporal:
5.4
THREAT:
The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues:

* A flaw was found in the way file permission checks for the "/dev/cpu/[x]/msr" files were performed in restricted root environments (for example, when using a capability-based security model). A local user with the ability to write to these files could use this flaw to escalate their privileges to kernel level, for example, by writing to the SYSENTER_EIP_MSR register. (CVE-2013-0268, Important)

* A race condition was found in the way the Linux kernel's ptrace implementation handled PTRACE_SETREGS requests when the debuggee was woken due to a SIGKILL signal instead of being stopped. A local, unprivileged user could use this flaw to escalate their privileges. (CVE-2013-0871, Important)

Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

IMPACT:
Exploitation could allow an attacker to conduct privilege escalation attacks.
SOLUTION:
Upgrade to the latest packages which contain a patch. These are available from the Red Hat Network.

To install packages using the command line interface, use the command "yum update".

Refer to Red Hat security advisory RHSA-2013-0621 to address this issue and obtain further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

RHSA-2013-0621: Red Hat Enterprise Linux (v. 5 64-bit IBM System z) (kernel-kdump-devel-2.6.18-348.3.1.el5.s390x)

RHSA-2013-0621: Red Hat Enterprise Linux (v. 5 64-bit IBM System z) (kernel-headers-2.6.18-348.3.1.el5.s390x)

RHSA-2013-0621: Red Hat Enterprise Linux (v. 5 64-bit IBM System z) (kernel-devel-2.6.18-348.3.1.el5.s390x)

RHSA-2013-0621: Red Hat Enterprise Linux (v. 5 64-bit IBM System z) (kernel-debug-devel-2.6.18-348.3.1.el5.s390x)

RHSA-2013-0621: Red Hat Enterprise Linux (v. 5 64-bit IBM System z) (kernel-debug-2.6.18-348.3.1.el5.s390x)

RHSA-2013-0621: Red Hat Enterprise Linux (v. 5 64-bit IBM System z) (kernel-kdump-2.6.18-348.3.1.el5.s390x)

RHSA-2013-0621: Red Hat Enterprise Linux (v. 5 64-bit IBM System z) (kernel-2.6.18-348.3.1.el5.s390x)

RHSA-2013-0621: Red Hat Enterprise Linux (v. 5 64-bit IBM System z) (kernel-doc-2.6.18-348.3.1.el5.noarch)

RHSA-2013-0621: Red Hat Enterprise Linux (v. 5 for 32-bit x86) (kernel-doc-2.6.18-348.3.1.el5.noarch)

RHSA-2013-0621: Red Hat Enterprise Linux (v. 5 for 32-bit x86) (kernel-xen-devel-2.6.18-348.3.1.el5.i686)

RHSA-2013-0621: Red Hat Enterprise Linux (v. 5 for 32-bit x86) (kernel-devel-2.6.18-348.3.1.el5.i686)

RHSA-2013-0621: Red Hat Enterprise Linux (v. 5 for 32-bit x86) (kernel-debug-devel-2.6.18-348.3.1.el5.i686)

RHSA-2013-0621: Red Hat Enterprise Linux (v. 5 for 32-bit x86) (kernel-PAE-devel-2.6.18-348.3.1.el5.i686)

RHSA-2013-0621: Red Hat Enterprise Linux (v. 5 for 32-bit x86) (kernel-2.6.18-348.3.1.el5.i686)

RHSA-2013-0621: Red Hat Enterprise Linux (v. 5 for 32-bit x86) (kernel-xen-2.6.18-348.3.1.el5.i686)

RHSA-2013-0621: Red Hat Enterprise Linux (v. 5 for 32-bit x86) (kernel-debug-2.6.18-348.3.1.el5.i686)

RHSA-2013-0621: Red Hat Enterprise Linux (v. 5 for 32-bit x86) (kernel-PAE-2.6.18-348.3.1.el5.i686)

RHSA-2013-0621: Red Hat Enterprise Linux (v. 5 for 32-bit x86) (kernel-headers-2.6.18-348.3.1.el5.i386)

RHSA-2013-0621: Red Hat Enterprise Linux (v. 5 for 64-bit IBM POWER) (kernel-kdump-devel-2.6.18-348.3.1.el5.ppc64)

RHSA-2013-0621: Red Hat Enterprise Linux (v. 5 for 64-bit IBM POWER) (kernel-kdump-2.6.18-348.3.1.el5.ppc64)

RHSA-2013-0621: Red Hat Enterprise Linux (v. 5 for 64-bit IBM POWER) (kernel-headers-2.6.18-348.3.1.el5.ppc64)

RHSA-2013-0621: Red Hat Enterprise Linux (v. 5 for 64-bit IBM POWER) (kernel-devel-2.6.18-348.3.1.el5.ppc64)

RHSA-2013-0621: Red Hat Enterprise Linux (v. 5 for 64-bit IBM POWER) (kernel-debug-devel-2.6.18-348.3.1.el5.ppc64)

RHSA-2013-0621: Red Hat Enterprise Linux (v. 5 for 64-bit IBM POWER) (kernel-debug-2.6.18-348.3.1.el5.ppc64)

RHSA-2013-0621: Red Hat Enterprise Linux (v. 5 for 64-bit IBM POWER) (kernel-2.6.18-348.3.1.el5.ppc64)

RHSA-2013-0621: Red Hat Enterprise Linux (v. 5 for 64-bit IBM POWER) (kernel-doc-2.6.18-348.3.1.el5.noarch)

RHSA-2013-0621: Red Hat Enterprise Linux (v. 5 for 64-bit IBM POWER) (kernel-headers-2.6.18-348.3.1.el5.ppc)

RHSA-2013-0621: Red Hat Enterprise Linux (v. 5 for 64-bit Itanium) (kernel-doc-2.6.18-348.3.1.el5.noarch)

RHSA-2013-0621: Red Hat Enterprise Linux (v. 5 for 64-bit Itanium) (kernel-xen-devel-2.6.18-348.3.1.el5.ia64)

RHSA-2013-0621: Red Hat Enterprise Linux (v. 5 for 64-bit Itanium) (kernel-xen-2.6.18-348.3.1.el5.ia64)

RHSA-2013-0621: Red Hat Enterprise Linux (v. 5 for 64-bit Itanium) (kernel-headers-2.6.18-348.3.1.el5.ia64)

RHSA-2013-0621: Red Hat Enterprise Linux (v. 5 for 64-bit Itanium) (kernel-devel-2.6.18-348.3.1.el5.ia64)

RHSA-2013-0621: Red Hat Enterprise Linux (v. 5 for 64-bit Itanium) (kernel-2.6.18-348.3.1.el5.ia64)

RHSA-2013-0621: Red Hat Enterprise Linux (v. 5 for 64-bit Itanium) (kernel-debug-2.6.18-348.3.1.el5.ia64)

RHSA-2013-0621: Red Hat Enterprise Linux (v. 5 for 64-bit Itanium) (kernel-debug-devel-2.6.18-348.3.1.el5.ia64)

RHSA-2013-0621: Red Hat Enterprise Linux (v. 5 for 64-bit x86_64) (kernel-devel-2.6.18-348.3.1.el5.x86_64)

RHSA-2013-0621: Red Hat Enterprise Linux (v. 5 for 64-bit x86_64) (kernel-debug-devel-2.6.18-348.3.1.el5.x86_64)

RHSA-2013-0621: Red Hat Enterprise Linux (v. 5 for 64-bit x86_64) (kernel-debug-2.6.18-348.3.1.el5.x86_64)

RHSA-2013-0621: Red Hat Enterprise Linux (v. 5 for 64-bit x86_64) (kernel-xen-devel-2.6.18-348.3.1.el5.x86_64)

RHSA-2013-0621: Red Hat Enterprise Linux (v. 5 for 64-bit x86_64) (kernel-xen-2.6.18-348.3.1.el5.x86_64)

RHSA-2013-0621: Red Hat Enterprise Linux (v. 5 for 64-bit x86_64) (kernel-headers-2.6.18-348.3.1.el5.x86_64)

RHSA-2013-0621: Red Hat Enterprise Linux (v. 5 for 64-bit x86_64) (kernel-2.6.18-348.3.1.el5.x86_64)

RHSA-2013-0621: Red Hat Enterprise Linux (v. 5 for 64-bit x86_64) (kernel-doc-2.6.18-348.3.1.el5.noarch)

RHSA-2013-0621: Red Hat Enterprise Linux Debuginfo (v. 5 64-bit IBM System z) (kernel-debuginfo-common-2.6.18-348.3.1.el5.s390x)

RHSA-2013-0621: Red Hat Enterprise Linux Debuginfo (v. 5 64-bit IBM System z) (kernel-kdump-debuginfo-2.6.18-348.3.1.el5.s390x)

RHSA-2013-0621: Red Hat Enterprise Linux Debuginfo (v. 5 64-bit IBM System z) (kernel-debuginfo-2.6.18-348.3.1.el5.s390x)

RHSA-2013-0621: Red Hat Enterprise Linux Debuginfo (v. 5 64-bit IBM System z) (kernel-debug-debuginfo-2.6.18-348.3.1.el5.s390x)

RHSA-2013-0621: Red Hat Enterprise Linux Debuginfo (v. 5 for 32-bit x86) (kernel-xen-debuginfo-2.6.18-348.3.1.el5.i686)

RHSA-2013-0621: Red Hat Enterprise Linux Debuginfo (v. 5 for 32-bit x86) (kernel-debuginfo-common-2.6.18-348.3.1.el5.i686)

RHSA-2013-0621: Red Hat Enterprise Linux Debuginfo (v. 5 for 32-bit x86) (kernel-debug-debuginfo-2.6.18-348.3.1.el5.i686)

RHSA-2013-0621: Red Hat Enterprise Linux Debuginfo (v. 5 for 32-bit x86) (kernel-PAE-debuginfo-2.6.18-348.3.1.el5.i686)

RHSA-2013-0621: Red Hat Enterprise Linux Debuginfo (v. 5 for 32-bit x86) (kernel-debuginfo-2.6.18-348.3.1.el5.i686)

RHSA-2013-0621: Red Hat Enterprise Linux Debuginfo (v. 5 for 64-bit IBM POWER) (kernel-kdump-debuginfo-2.6.18-348.3.1.el5.ppc64)

RHSA-2013-0621: Red Hat Enterprise Linux Debuginfo (v. 5 for 64-bit IBM POWER) (kernel-debuginfo-common-2.6.18-348.3.1.el5.ppc64)

RHSA-2013-0621: Red Hat Enterprise Linux Debuginfo (v. 5 for 64-bit IBM POWER) (kernel-debuginfo-2.6.18-348.3.1.el5.ppc64)

RHSA-2013-0621: Red Hat Enterprise Linux Debuginfo (v. 5 for 64-bit IBM POWER) (kernel-debug-debuginfo-2.6.18-348.3.1.el5.ppc64)

RHSA-2013-0621: Red Hat Enterprise Linux Debuginfo (v. 5 for 64-bit Itanium) (kernel-xen-debuginfo-2.6.18-348.3.1.el5.ia64)

RHSA-2013-0621: Red Hat Enterprise Linux Debuginfo (v. 5 for 64-bit Itanium) (kernel-debuginfo-common-2.6.18-348.3.1.el5.ia64)

RHSA-2013-0621: Red Hat Enterprise Linux Debuginfo (v. 5 for 64-bit Itanium) (kernel-debuginfo-2.6.18-348.3.1.el5.ia64)

RHSA-2013-0621: Red Hat Enterprise Linux Debuginfo (v. 5 for 64-bit Itanium) (kernel-debug-debuginfo-2.6.18-348.3.1.el5.ia64)

RHSA-2013-0621: Red Hat Enterprise Linux Debuginfo (v. 5 for 64-bit x86_64) (kernel-xen-debuginfo-2.6.18-348.3.1.el5.x86_64)

RHSA-2013-0621: Red Hat Enterprise Linux Debuginfo (v. 5 for 64-bit x86_64) (kernel-debuginfo-common-2.6.18-348.3.1.el5.x86_64)

RHSA-2013-0621: Red Hat Enterprise Linux Debuginfo (v. 5 for 64-bit x86_64) (kernel-debuginfo-2.6.18-348.3.1.el5.x86_64)

RHSA-2013-0621: Red Hat Enterprise Linux Debuginfo (v. 5 for 64-bit x86_64) (kernel-debug-debuginfo-2.6.18-348.3.1.el5.x86_64)

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
Reference:
CVE-2013-0268
Description:
Linux Kernel 'MSR' Driver Local Privilege Escalation - The Exploit-DB Ref : 27297
Link:
http://www.exploit-db.com/exploits/27297
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Package     Installed Version   Required Version
kernel-xen  2.6.18-348.2.1.el5  2.6.18-348.3.1.el5
kernel-xen  2.6.18-348.el5      2.6.18-348.3.1.el5

Severity:
3
Title:
Red Hat Update for Kernel (RHSA-2013-0168)
 
QID:
120821
Category:
Local
CVE ID:
CVE-2012-1568 CVE-2012-4444 CVE-2012-5515
Vendor Reference
RHSA-2013-0168
Bugtraq ID:
-
Service Modified:
01/31/2013
User Modified:
-
Edited:
No
PCI Vuln:
Yes
CVSS Base:
5
CVSS Temporal:
3.7
THREAT:
The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues:

* It was found that the Xen hypervisor implementation did not perform range checking on the guest provided values in multiple hypercalls. A privileged guest user could use this flaw to trigger long loops, leading to a denial of service (Xen hypervisor hang). (CVE-2012-5515, Moderate)

* It was found that when running a 32-bit binary that uses a large number of shared libraries, one of the libraries would always be loaded at a predictable address in memory. An attacker could use this flaw to bypass the Address Space Layout Randomization (ASLR) security feature. (CVE-2012-1568, Low)

* A flaw was found in the way the Linux kernel's IPv6 implementation handled overlapping, fragmented IPv6 packets. A remote attacker could potentially use this flaw to bypass protection mechanisms (such as a firewall or intrusion detection system (IDS)) when sending network packets to a target system. (CVE-2012-4444, Low)

IMPACT:
Malicious users could use this vulnerability to change partial contents or configuration on the system.
SOLUTION:
Upgrade to the latest packages which contain a patch. These are available from the Red Hat Network.

To install packages using the command line interface, use the command "yum update".

Refer to Red Hat security advisory RHSA-2013-0168 to address this issue and obtain further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

RHSA-2013-0168: Red Hat Enterprise Linux (v. 5 for 32-bit x86) (kernel-doc-2.6.18-348.1.1.el5.noarch)

RHSA-2013-0168: Red Hat Enterprise Linux (v. 5 for 32-bit x86) (kernel-xen-2.6.18-348.1.1.el5.i686)

RHSA-2013-0168: Red Hat Enterprise Linux (v. 5 for 32-bit x86) (kernel-debug-2.6.18-348.1.1.el5.i686)

RHSA-2013-0168: Red Hat Enterprise Linux (v. 5 for 32-bit x86) (kernel-PAE-devel-2.6.18-348.1.1.el5.i686)

RHSA-2013-0168: Red Hat Enterprise Linux (v. 5 for 32-bit x86) (kernel-PAE-2.6.18-348.1.1.el5.i686)

RHSA-2013-0168: Red Hat Enterprise Linux (v. 5 for 32-bit x86) (kernel-2.6.18-348.1.1.el5.i686)

RHSA-2013-0168: Red Hat Enterprise Linux (v. 5 for 32-bit x86) (kernel-headers-2.6.18-348.1.1.el5.i386)

RHSA-2013-0168: Red Hat Enterprise Linux (v. 5 for 32-bit x86) (kernel-xen-devel-2.6.18-348.1.1.el5.i686)

RHSA-2013-0168: Red Hat Enterprise Linux (v. 5 for 32-bit x86) (kernel-devel-2.6.18-348.1.1.el5.i686)

RHSA-2013-0168: Red Hat Enterprise Linux (v. 5 for 32-bit x86) (kernel-debug-devel-2.6.18-348.1.1.el5.i686)

RHSA-2013-0168: Red Hat Enterprise Linux (v. 5 for 64-bit IBM POWER) (kernel-devel-2.6.18-348.1.1.el5.ppc64)

RHSA-2013-0168: Red Hat Enterprise Linux (v. 5 for 64-bit IBM POWER) (kernel-debug-devel-2.6.18-348.1.1.el5.ppc64)

RHSA-2013-0168: Red Hat Enterprise Linux (v. 5 for 64-bit IBM POWER) (kernel-kdump-devel-2.6.18-348.1.1.el5.ppc64)

RHSA-2013-0168: Red Hat Enterprise Linux (v. 5 for 64-bit IBM POWER) (kernel-kdump-2.6.18-348.1.1.el5.ppc64)

RHSA-2013-0168: Red Hat Enterprise Linux (v. 5 for 64-bit IBM POWER) (kernel-headers-2.6.18-348.1.1.el5.ppc64)

RHSA-2013-0168: Red Hat Enterprise Linux (v. 5 for 64-bit IBM POWER) (kernel-2.6.18-348.1.1.el5.ppc64)

RHSA-2013-0168: Red Hat Enterprise Linux (v. 5 for 64-bit IBM POWER) (kernel-headers-2.6.18-348.1.1.el5.ppc)

RHSA-2013-0168: Red Hat Enterprise Linux (v. 5 for 64-bit IBM POWER) (kernel-debug-2.6.18-348.1.1.el5.ppc64)

RHSA-2013-0168: Red Hat Enterprise Linux (v. 5 for 64-bit IBM POWER) (kernel-doc-2.6.18-348.1.1.el5.noarch)

RHSA-2013-0168: Red Hat Enterprise Linux (v. 5 for 64-bit Itanium) (kernel-headers-2.6.18-348.1.1.el5.ia64)

RHSA-2013-0168: Red Hat Enterprise Linux (v. 5 for 64-bit Itanium) (kernel-devel-2.6.18-348.1.1.el5.ia64)

RHSA-2013-0168: Red Hat Enterprise Linux (v. 5 for 64-bit Itanium) (kernel-2.6.18-348.1.1.el5.ia64)

RHSA-2013-0168: Red Hat Enterprise Linux (v. 5 for 64-bit Itanium) (kernel-doc-2.6.18-348.1.1.el5.noarch)

RHSA-2013-0168: Red Hat Enterprise Linux (v. 5 for 64-bit Itanium) (kernel-xen-devel-2.6.18-348.1.1.el5.ia64)

RHSA-2013-0168: Red Hat Enterprise Linux (v. 5 for 64-bit Itanium) (kernel-xen-2.6.18-348.1.1.el5.ia64)

RHSA-2013-0168: Red Hat Enterprise Linux (v. 5 for 64-bit Itanium) (kernel-debug-devel-2.6.18-348.1.1.el5.ia64)

RHSA-2013-0168: Red Hat Enterprise Linux (v. 5 for 64-bit Itanium) (kernel-debug-2.6.18-348.1.1.el5.ia64)

RHSA-2013-0168: Red Hat Enterprise Linux (v. 5 for 64-bit x86_64) (kernel-xen-devel-2.6.18-348.1.1.el5.x86_64)

RHSA-2013-0168: Red Hat Enterprise Linux (v. 5 for 64-bit x86_64) (kernel-xen-2.6.18-348.1.1.el5.x86_64)

RHSA-2013-0168: Red Hat Enterprise Linux (v. 5 for 64-bit x86_64) (kernel-devel-2.6.18-348.1.1.el5.x86_64)

RHSA-2013-0168: Red Hat Enterprise Linux (v. 5 for 64-bit x86_64) (kernel-debug-devel-2.6.18-348.1.1.el5.x86_64)

RHSA-2013-0168: Red Hat Enterprise Linux (v. 5 for 64-bit x86_64) (kernel-2.6.18-348.1.1.el5.x86_64)

RHSA-2013-0168: Red Hat Enterprise Linux (v. 5 for 64-bit x86_64) (kernel-headers-2.6.18-348.1.1.el5.x86_64)

RHSA-2013-0168: Red Hat Enterprise Linux (v. 5 for 64-bit x86_64) (kernel-debug-2.6.18-348.1.1.el5.x86_64)

RHSA-2013-0168: Red Hat Enterprise Linux (v. 5 for 64-bit x86_64) (kernel-doc-2.6.18-348.1.1.el5.noarch)

RHSA-2013-0168: Red Hat Enterprise Linux Debuginfo (v. 5 for 32-bit x86) (kernel-debuginfo-common-2.6.18-348.1.1.el5.i686)

RHSA-2013-0168: Red Hat Enterprise Linux Debuginfo (v. 5 for 32-bit x86) (kernel-debuginfo-2.6.18-348.1.1.el5.i686)

RHSA-2013-0168: Red Hat Enterprise Linux Debuginfo (v. 5 for 32-bit x86) (kernel-debug-debuginfo-2.6.18-348.1.1.el5.i686)

RHSA-2013-0168: Red Hat Enterprise Linux Debuginfo (v. 5 for 32-bit x86) (kernel-PAE-debuginfo-2.6.18-348.1.1.el5.i686)

RHSA-2013-0168: Red Hat Enterprise Linux Debuginfo (v. 5 for 32-bit x86) (kernel-xen-debuginfo-2.6.18-348.1.1.el5.i686)

RHSA-2013-0168: Red Hat Enterprise Linux Debuginfo (v. 5 for 64-bit IBM POWER) (kernel-kdump-debuginfo-2.6.18-348.1.1.el5.ppc64)

RHSA-2013-0168: Red Hat Enterprise Linux Debuginfo (v. 5 for 64-bit IBM POWER) (kernel-debuginfo-2.6.18-348.1.1.el5.ppc64)

RHSA-2013-0168: Red Hat Enterprise Linux Debuginfo (v. 5 for 64-bit IBM POWER) (kernel-debug-debuginfo-2.6.18-348.1.1.el5.ppc64)

RHSA-2013-0168: Red Hat Enterprise Linux Debuginfo (v. 5 for 64-bit IBM POWER) (kernel-debuginfo-common-2.6.18-348.1.1.el5.ppc64)

RHSA-2013-0168: Red Hat Enterprise Linux Debuginfo (v. 5 for 64-bit Itanium) (kernel-debuginfo-common-2.6.18-348.1.1.el5.ia64)

RHSA-2013-0168: Red Hat Enterprise Linux Debuginfo (v. 5 for 64-bit Itanium) (kernel-debug-debuginfo-2.6.18-348.1.1.el5.ia64)

RHSA-2013-0168: Red Hat Enterprise Linux Debuginfo (v. 5 for 64-bit Itanium) (kernel-xen-debuginfo-2.6.18-348.1.1.el5.ia64)

RHSA-2013-0168: Red Hat Enterprise Linux Debuginfo (v. 5 for 64-bit Itanium) (kernel-debuginfo-2.6.18-348.1.1.el5.ia64)

RHSA-2013-0168: Red Hat Enterprise Linux Debuginfo (v. 5 for 64-bit x86_64) (kernel-debuginfo-2.6.18-348.1.1.el5.x86_64)

RHSA-2013-0168: Red Hat Enterprise Linux Debuginfo (v. 5 for 64-bit x86_64) (kernel-debug-debuginfo-2.6.18-348.1.1.el5.x86_64)

RHSA-2013-0168: Red Hat Enterprise Linux Debuginfo (v. 5 for 64-bit x86_64) (kernel-xen-debuginfo-2.6.18-348.1.1.el5.x86_64)

RHSA-2013-0168: Red Hat Enterprise Linux Debuginfo (v. 5 for 64-bit x86_64) (kernel-debuginfo-common-2.6.18-348.1.1.el5.x86_64)

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Package     Installed Version   Required Version
kernel-xen  2.6.18-348.el5      2.6.18-348.1.1.el5

Severity:
3
Title:
SSL Server Supports Weak Encryption Vulnerability
Port/Service:
port 25/tcp over SSL
 
QID:
38140
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/28/2009
User Modified:
-
Edited:
No
PCI Vuln:
Yes
CVSS Base:
9[1]
CVSS Temporal:
7.7
THREAT:
The Secure Socket Layer (SSL) protocol allows for secure communication between a client and a server.

SSL encryption ciphers are classified based on encryption key length as follows:

  • HIGH - key length larger than 128 bits
  • MEDIUM - key length equal to 128 bits
  • LOW - key length smaller than 128 bits

Messages encrypted with LOW encryption ciphers are easy to decrypt. Commercial SSL servers should only support MEDIUM or HIGH strength ciphers to guarantee transaction security.

The following link provides more information about this vulnerability:

Please note that this detection only checks for weak cipher support at the SSL layer. Some servers may implement additional protection at the data layer. For example, some SSL servers and SSL proxies (such as SSL accelerators) allow cipher negotiation to complete but send back an error message and abort further communication on the secure channel. This vulnerability may not be exploitable for such configurations.

IMPACT:
An attacker can exploit this vulnerability to decrypt secure communications without authorization.
SOLUTION:
Disable support for LOW encryption ciphers.

Apache
Typically, for Apache/mod_ssl, httpd.conf or ssl.conf should have the following lines:
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM

For Apache/apache_ssl include the following line in the configuration file (httpsd.conf):
SSLRequireCipher ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM

Tomcat
sslProtocol="SSLv3"
ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA"

IIS
How to Restrict the Use of Certain Cryptographic Algorithms and Protocols in Schannel.dll (Windows restart required)
How to disable PCT 1.0, SSL 2.0, SSL 3.0, or TLS 1.0 in Internet Information Services (Windows restart required)
Security Guidance for IIS

For Novell Netware 6.5 please refer to the following document SSL Allows the use of Weak Ciphers. -TID10100633

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
CIPHER                   KEY-EXCHANGE  AUTHENTICATION  MAC   ENCRYPTION(KEY-STRENGTH)  GRADE
SSLv3 WEAK CIPHERS
EDH-RSA-DES-CBC-SHA      DH            RSA             SHA1  DES(56)                   LOW
DES-CBC-SHA              RSA           RSA             SHA1  DES(56)                   LOW
EXP-EDH-RSA-DES-CBC-SHA  DH(512)       RSA             SHA1  DES(40)                   LOW
EXP-DES-CBC-SHA          RSA(512)      RSA             SHA1  DES(40)                   LOW
EXP-RC2-CBC-MD5          RSA(512)      RSA             MD5   RC2(40)                   LOW
EXP-RC4-MD5              RSA(512)      RSA             MD5   RC4(40)                   LOW
TLSv1 WEAK CIPHERS
EDH-RSA-DES-CBC-SHA      DH            RSA             SHA1  DES(56)                   LOW
DES-CBC-SHA              RSA           RSA             SHA1  DES(56)                   LOW
EXP-EDH-RSA-DES-CBC-SHA  DH(512)       RSA             SHA1  DES(40)                   LOW
EXP-DES-CBC-SHA          RSA(512)      RSA             SHA1  DES(40)                   LOW
EXP-RC2-CBC-MD5          RSA(512)      RSA             MD5   RC2(40)                   LOW
EXP-RC4-MD5              RSA(512)      RSA             MD5   RC4(40)                   LOW

Severity:
3
Title:
SSL Server Has SSLv2 Enabled Vulnerability
Port/Service:
port 993/tcp over SSL
 
QID:
38139
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/09/2012
User Modified:
-
Edited:
No
PCI Vuln:
Yes
CVSS Base:
4[1]
CVSS Temporal:
3.6
THREAT:
The Secure Socket Layer (SSL) protocol allows for secure communication between a client and a server.

There are known flaws in the SSLv2 protocol. A man-in-the-middle attacker can force the communication to a less secure level and then attempt to break the weak encryption. The attacker can also truncate encrypted messages.

These flaws have been fixed in SSLv3 (or TLSv1). Most servers (including all popular Web servers, mail servers, etc.) and clients (including Web-clients like IE, Netscape Navigator and Mozilla and mail clients) support both SSLv2 and SSLv3. However, SSLv2 is enabled by default for backward compatibility.

The following link provides more information about this vulnerability:
Analysis of the SSL 3.0 Protocol

IMPACT:
An attacker can exploit this vulnerability to read secure communications or maliciously modify messages.
SOLUTION:
Disable SSLv2.

Typically, for Apache/mod_ssl, httpd.conf or ssl.conf should have the following lines:
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM

For Apache/apache_ssl, httpd.conf or ssl.conf should have the following line:
SSLNoV2

How to disable SSLv2 on IIS : Microsoft Knowledge Base Article - 187498
How to Restrict the Use of Certain Cryptographic Algorithms and Protocols in Schannel.dll : Microsoft Knowledge Base Article - 245030

For IIS 7, refer to the article How to Disable SSL 2.0 in IIS 7 for further information.

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Established SSLv2 connection using DES-CBC3-MD5 cipher.

Severity:
3
Title:
SSL Server Supports Weak Encryption Vulnerability
Port/Service:
port 993/tcp over SSL
 
QID:
38140
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/28/2009
User Modified:
-
Edited:
No
PCI Vuln:
Yes
CVSS Base:
9[1]
CVSS Temporal:
7.7
THREAT:
The Secure Socket Layer (SSL) protocol allows for secure communication between a client and a server.

SSL encryption ciphers are classified based on encryption key length as follows:

  • HIGH - key length larger than 128 bits
  • MEDIUM - key length equal to 128 bits
  • LOW - key length smaller than 128 bits

Messages encrypted with LOW encryption ciphers are easy to decrypt. Commercial SSL servers should only support MEDIUM or HIGH strength ciphers to guarantee transaction security.

The following link provides more information about this vulnerability:

Please note that this detection only checks for weak cipher support at the SSL layer. Some servers may implement additional protection at the data layer. For example, some SSL servers and SSL proxies (such as SSL accelerators) allow cipher negotiation to complete but send back an error message and abort further communication on the secure channel. This vulnerability may not be exploitable for such configurations.

IMPACT:
An attacker can exploit this vulnerability to decrypt secure communications without authorization.
SOLUTION:
Disable support for LOW encryption ciphers.

Apache
Typically, for Apache/mod_ssl, httpd.conf or ssl.conf should have the following lines:
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM

For Apache/apache_ssl include the following line in the configuration file (httpsd.conf):
SSLRequireCipher ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM

Tomcat
sslProtocol="SSLv3"
ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA"

IIS
How to Restrict the Use of Certain Cryptographic Algorithms and Protocols in Schannel.dll (Windows restart required)
How to disable PCT 1.0, SSL 2.0, SSL 3.0, or TLS 1.0 in Internet Information Services (Windows restart required)
Security Guidance for IIS

For Novell Netware 6.5 please refer to the following document SSL Allows the use of Weak Ciphers. -TID10100633

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
CIPHER                   KEY-EXCHANGE  AUTHENTICATION  MAC   ENCRYPTION(KEY-STRENGTH)  GRADE
SSLv2 WEAK CIPHERS
EXP-RC4-MD5              RSA(512)      RSA             MD5   RC4(40)                   LOW
EXP-RC2-CBC-MD5          RSA(512)      RSA             MD5   RC2(40)                   LOW
DES-CBC-MD5              RSA           RSA             MD5   DES(56)                   LOW
SSLv3 WEAK CIPHERS
EXP-RC4-MD5              RSA(512)      RSA             MD5   RC4(40)                   LOW
EXP-RC2-CBC-MD5          RSA(512)      RSA             MD5   RC2(40)                   LOW
DES-CBC-MD5              RSA           RSA             MD5   DES(56)                   LOW
DES-CBC-SHA              RSA           RSA             SHA1  DES(56)                   LOW
EXP-DES-CBC-SHA          RSA(512)      RSA             SHA1  DES(40)                   LOW
TLSv1 WEAK CIPHERS
EXP-RC4-MD5              RSA(512)      RSA             MD5   RC4(40)                   LOW
EXP-RC2-CBC-MD5          RSA(512)      RSA             MD5   RC2(40)                   LOW
DES-CBC-MD5              RSA           RSA             MD5   DES(56)                   LOW
DES-CBC-SHA              RSA           RSA             SHA1  DES(56)                   LOW
EXP-DES-CBC-SHA          RSA(512)      RSA             SHA1  DES(40)                   LOW

Severity:
3
Title:
SSL Server Supports Weak Encryption Vulnerability
Port/Service:
port 465/tcp over SSL
 
QID:
38140
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/28/2009
User Modified:
-
Edited:
No
PCI Vuln:
Yes
CVSS Base:
9[1]
CVSS Temporal:
7.7
THREAT:
The Secure Socket Layer (SSL) protocol allows for secure communication between a client and a server.

SSL encryption ciphers are classified based on encryption key length as follows:

  • HIGH - key length larger than 128 bits
  • MEDIUM - key length equal to 128 bits
  • LOW - key length smaller than 128 bits

Messages encrypted with LOW encryption ciphers are easy to decrypt. Commercial SSL servers should only support MEDIUM or HIGH strength ciphers to guarantee transaction security.

The following link provides more information about this vulnerability:

Please note that this detection only checks for weak cipher support at the SSL layer. Some servers may implement additional protection at the data layer. For example, some SSL servers and SSL proxies (such as SSL accelerators) allow cipher negotiation to complete but send back an error message and abort further communication on the secure channel. This vulnerability may not be exploitable for such configurations.

IMPACT:
An attacker can exploit this vulnerability to decrypt secure communications without authorization.
SOLUTION:
Disable support for LOW encryption ciphers.

Apache
Typically, for Apache/mod_ssl, httpd.conf or ssl.conf should have the following lines:
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM

For Apache/apache_ssl include the following line in the configuration file (httpsd.conf):
SSLRequireCipher ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM

Tomcat
sslProtocol="SSLv3"
ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA"

IIS
How to Restrict the Use of Certain Cryptographic Algorithms and Protocols in Schannel.dll (Windows restart required)
How to disable PCT 1.0, SSL 2.0, SSL 3.0, or TLS 1.0 in Internet Information Services (Windows restart required)
Security Guidance for IIS

For Novell Netware 6.5 please refer to the following document SSL Allows the use of Weak Ciphers. -TID10100633

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
CIPHER                   KEY-EXCHANGE  AUTHENTICATION  MAC   ENCRYPTION(KEY-STRENGTH)  GRADE
SSLv3 WEAK CIPHERS
EDH-RSA-DES-CBC-SHA      DH            RSA             SHA1  DES(56)                   LOW
DES-CBC-SHA              RSA           RSA             SHA1  DES(56)                   LOW
EXP-EDH-RSA-DES-CBC-SHA  DH(512)       RSA             SHA1  DES(40)                   LOW
EXP-DES-CBC-SHA          RSA(512)      RSA             SHA1  DES(40)                   LOW
EXP-RC2-CBC-MD5          RSA(512)      RSA             MD5   RC2(40)                   LOW
EXP-RC4-MD5              RSA(512)      RSA             MD5   RC4(40)                   LOW
TLSv1 WEAK CIPHERS
EDH-RSA-DES-CBC-SHA      DH            RSA             SHA1  DES(56)                   LOW
DES-CBC-SHA              RSA           RSA             SHA1  DES(56)                   LOW
EXP-EDH-RSA-DES-CBC-SHA  DH(512)       RSA             SHA1  DES(40)                   LOW
EXP-DES-CBC-SHA          RSA(512)      RSA             SHA1  DES(40)                   LOW
EXP-RC2-CBC-MD5          RSA(512)      RSA             MD5   RC2(40)                   LOW
EXP-RC4-MD5              RSA(512)      RSA             MD5   RC4(40)                   LOW

Severity:
3
Title:
SSL Server Supports Weak Encryption Vulnerability
Port/Service:
port 587/tcp over SSL
 
QID:
38140
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/28/2009
User Modified:
-
Edited:
No
PCI Vuln:
Yes
CVSS Base:
9[1]
CVSS Temporal:
7.7
THREAT:
The Secure Socket Layer (SSL) protocol allows for secure communication between a client and a server.

SSL encryption ciphers are classified based on encryption key length as follows:

  • HIGH - key length larger than 128 bits
  • MEDIUM - key length equal to 128 bits
  • LOW - key length smaller than 128 bits

Messages encrypted with LOW encryption ciphers are easy to decrypt. Commercial SSL servers should only support MEDIUM or HIGH strength ciphers to guarantee transaction security.

The following link provides more information about this vulnerability:

Please note that this detection only checks for weak cipher support at the SSL layer. Some servers may implement additional protection at the data layer. For example, some SSL servers and SSL proxies (such as SSL accelerators) allow cipher negotiation to complete but send back an error message and abort further communication on the secure channel. This vulnerability may not be exploitable for such configurations.

IMPACT:
An attacker can exploit this vulnerability to decrypt secure communications without authorization.
SOLUTION:
Disable support for LOW encryption ciphers.

Apache
Typically, for Apache/mod_ssl, httpd.conf or ssl.conf should have the following lines:
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM

For Apache/apache_ssl include the following line in the configuration file (httpsd.conf):
SSLRequireCipher ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM

Tomcat
sslProtocol="SSLv3"
ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA"

IIS
How to Restrict the Use of Certain Cryptographic Algorithms and Protocols in Schannel.dll (Windows restart required)
How to disable PCT 1.0, SSL 2.0, SSL 3.0, or TLS 1.0 in Internet Information Services (Windows restart required)
Security Guidance for IIS

For Novell Netware 6.5 please refer to the following document SSL Allows the use of Weak Ciphers. -TID10100633

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
CIPHER                   KEY-EXCHANGE  AUTHENTICATION  MAC   ENCRYPTION(KEY-STRENGTH)  GRADE
SSLv3 WEAK CIPHERS
EDH-RSA-DES-CBC-SHA      DH            RSA             SHA1  DES(56)                   LOW
DES-CBC-SHA              RSA           RSA             SHA1  DES(56)                   LOW
EXP-EDH-RSA-DES-CBC-SHA  DH(512)       RSA             SHA1  DES(40)                   LOW
EXP-DES-CBC-SHA          RSA(512)      RSA             SHA1  DES(40)                   LOW
EXP-RC2-CBC-MD5          RSA(512)      RSA             MD5   RC2(40)                   LOW
EXP-RC4-MD5              RSA(512)      RSA             MD5   RC4(40)                   LOW
TLSv1 WEAK CIPHERS
EDH-RSA-DES-CBC-SHA      DH            RSA             SHA1  DES(56)                   LOW
DES-CBC-SHA              RSA           RSA             SHA1  DES(56)                   LOW
EXP-EDH-RSA-DES-CBC-SHA  DH(512)       RSA             SHA1  DES(40)                   LOW
EXP-DES-CBC-SHA          RSA(512)      RSA             SHA1  DES(40)                   LOW
EXP-RC2-CBC-MD5          RSA(512)      RSA             MD5   RC2(40)                   LOW
EXP-RC4-MD5              RSA(512)      RSA             MD5   RC4(40)                   LOW

Severity:
3
Title:
SSL Server Has SSLv2 Enabled Vulnerability
Port/Service:
port 906/tcp over SSL
 
QID:
38139
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/09/2012
User Modified:
-
Edited:
No
PCI Vuln:
Yes
CVSS Base:
4[1]
CVSS Temporal:
3.6
THREAT:
The Secure Socket Layer (SSL) protocol allows for secure communication between a client and a server.

There are known flaws in the SSLv2 protocol. A man-in-the-middle attacker can force the communication to a less secure level and then attempt to break the weak encryption. The attacker can also truncate encrypted messages.

These flaws have been fixed in SSLv3 (or TLSv1). Most servers (including all popular Web servers, mail servers, etc.) and clients (including Web-clients like IE, Netscape Navigator and Mozilla and mail clients) support both SSLv2 and SSLv3. However, SSLv2 is enabled by default for backward compatibility.

The following link provides more information about this vulnerability:
Analysis of the SSL 3.0 Protocol

IMPACT:
An attacker can exploit this vulnerability to read secure communications or maliciously modify messages.
SOLUTION:
Disable SSLv2.

Typically, for Apache/mod_ssl, httpd.conf or ssl.conf should have the following lines:
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM

For Apache/apache_ssl, httpd.conf or ssl.conf should have the following line:
SSLNoV2

How to disable SSLv2 on IIS : Microsoft Knowledge Base Article - 187498
How to Restrict the Use of Certain Cryptographic Algorithms and Protocols in Schannel.dll : Microsoft Knowledge Base Article - 245030

For IIS 7, refer to the article How to Disable SSL 2.0 in IIS 7 for further information.

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Established SSLv2 connection using DES-CBC3-MD5 cipher.

Severity:
3
Title:
SSL Server Supports Weak Encryption Vulnerability
Port/Service:
port 906/tcp over SSL
 
QID:
38140
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/28/2009
User Modified:
-
Edited:
No
PCI Vuln:
Yes
CVSS Base:
9[1]
CVSS Temporal:
7.7
THREAT:
The Secure Socket Layer (SSL) protocol allows for secure communication between a client and a server.

SSL encryption ciphers are classified based on encryption key length as follows:

  • HIGH - key length larger than 128 bits
  • MEDIUM - key length equal to 128 bits
  • LOW - key length smaller than 128 bits

Messages encrypted with LOW encryption ciphers are easy to decrypt. Commercial SSL servers should only support MEDIUM or HIGH strength ciphers to guarantee transaction security.

The following link provides more information about this vulnerability:

Please note that this detection only checks for weak cipher support at the SSL layer. Some servers may implement additional protection at the data layer. For example, some SSL servers and SSL proxies (such as SSL accelerators) allow cipher negotiation to complete but send back an error message and abort further communication on the secure channel. This vulnerability may not be exploitable for such configurations.

IMPACT:
An attacker can exploit this vulnerability to decrypt secure communications without authorization.
SOLUTION:
Disable support for LOW encryption ciphers.

Apache
Typically, for Apache/mod_ssl, httpd.conf or ssl.conf should have the following lines:
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM

For Apache/apache_ssl include the following line in the configuration file (httpsd.conf):
SSLRequireCipher ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM

Tomcat
sslProtocol="SSLv3"
ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA"

IIS
How to Restrict the Use of Certain Cryptographic Algorithms and Protocols in Schannel.dll (Windows restart required)
How to disable PCT 1.0, SSL 2.0, SSL 3.0, or TLS 1.0 in Internet Information Services (Windows restart required)
Security Guidance for IIS

For Novell Netware 6.5, please refer to the following document: SSL Allows the use of Weak Ciphers. - TID10100633

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
CIPHER           KEY-EXCHANGE  AUTHENTICATION  MAC  ENCRYPTION(KEY-STRENGTH)  GRADE
SSLv2 WEAK CIPHERS
EXP-RC4-MD5      RSA(512)      RSA             MD5  RC4(40)                   LOW
EXP-RC2-CBC-MD5  RSA(512)      RSA             MD5  RC2(40)                   LOW
DES-CBC-MD5      RSA           RSA             MD5  DES(56)                   LOW
SSLv3 WEAK CIPHERS
EXP-RC4-MD5      RSA(512)      RSA             MD5  RC4(40)                   LOW
EXP-RC2-CBC-MD5  RSA(512)      RSA             MD5  RC2(40)                   LOW
DES-CBC-MD5      RSA           RSA             MD5  DES(56)                   LOW
Expand Severity Title Port/Service
2
TCP Sequence Number Approximation Based Denial of Service
 
QID:
82054
Category:
TCP/IP
CVE ID:
CVE-2004-0230
Vendor Reference
-
Bugtraq ID:
10183
Service Modified:
02/02/2010
User Modified:
-
Edited:
No
PCI Vuln:
No
CVSS Base:
5
CVSS Temporal:
4.2
THREAT:
TCP provides stateful communications between hosts on a network. TCP sessions are established by a three-way handshake and use random 32-bit sequence and acknowledgement numbers to ensure the validity of traffic. A vulnerability was reported that may permit TCP sequence numbers to be more easily approximated by remote attackers. This issue affects products released by multiple vendors.

The cause of the vulnerability is that affected implementations will accept TCP sequence numbers within a certain range, known as the acknowledgement range, of the expected sequence number for a packet in the session. This is determined by the TCP window size, which is negotiated during the three-way handshake for the session. Larger TCP window sizes may be set to allow for more throughput, but the larger the TCP window size, the more probable it is to guess a TCP sequence number that falls within an acceptable range. It was initially thought that guessing an acceptable sequence number was relatively difficult for most implementations given random distribution, making this type of attack impractical. However, some implementations may make it easier to successfully approximate an acceptable TCP sequence number, making these attacks possible with a number of protocols and implementations.

This is further compounded by the fact that some implementations may support the use of the TCP Window Scale Option, as described in RFC 1323, to extend the TCP window size to a maximum value of 1 billion.

This vulnerability will permit a remote attacker to inject a SYN or RST packet into the session, causing it to be reset and effectively allowing for denial of service attacks. An attacker would exploit this issue by sending a packet to a receiving implementation with an approximated sequence number and a forged source IP address and TCP port.

There are a few factors that may present viable target implementations, such as those which depend on long-lived TCP connections, those that have known or easily guessed IP address endpoints and those implementations with easily guessed TCP source ports. It has been noted that Border Gateway Protocol (BGP) is reported to be particularly vulnerable to this type of attack, due to the use of long-lived TCP sessions and the possibility that some implementations may use the TCP Window Scale Option. As a result, this issue is likely to affect a number of routing platforms.

Another factor to consider is the relative difficulty of injecting packets into TCP sessions, as a number of receiving implementations will reassemble packets in order, dropping any duplicates. This may make some implementations more resistant to attacks than others.

It should be noted that while a number of vendors have confirmed this issue in various products, investigations are ongoing and it is likely that many other vendors and products will turn out to be vulnerable as the issue is investigated further.

IMPACT:
Successful exploitation of this issue could lead to denial of service attacks on the TCP based services of target hosts.
SOLUTION:
Please first check the results section below for the port number on which this vulnerability was detected. If that port number is known to be used for port-forwarding, then it is the backend host that is really vulnerable.

Various implementations and products including Check Point, Cisco, Cray Inc, Hitachi, Internet Initiative Japan, Inc (IIJ), Juniper Networks, NEC, Polycom, and Yamaha are currently undergoing review. Contact the vendors to obtain more information about affected products and fixes. NISCC Advisory 236929 - Vulnerability Issues in TCP details the vendor patch status as of the time of the advisory, and identifies resolutions and workarounds.

Refer to US-CERT Vulnerability Note VU#415294 and OSVDB Article 4030 to obtain a list of vendors affected by this issue and a note on resolutions (if any) provided by the vendor.

For Microsoft: Refer to MS05-019 and MS06-064 for further details.

For SGI IRIX: Refer to SGI Security Advisory 20040905-01-P

For SCO UnixWare 7.1.3 and 7.1.1: Refer to SCO Security Advisory SCOSA-2005.14

For Solaris (Sun Microsystems): The vendor has acknowledged the vulnerability; however a patch is not available. Refer to Sun Microsystems, Inc. Information for VU#415294 to obtain additional details. Also, refer to TA04-111A for detailed mitigating strategies against these attacks.

For NetBSD: Refer to NetBSD-SA2004-006

For Cisco: Refer to cisco-sa-20040420-tcp-ios.shtml.

For Red Hat Linux: There is no fix available.

Workaround:
The following BGP-specific workaround information has been provided.

For BGP implementations that support it, the TCP MD5 Signature Option should be enabled. Passwords that the MD5 checksum is applied to should be set to strong values and changed on a regular basis.

Secure BGP configuration instructions have been provided for Cisco and Juniper at these locations:
Secure Cisco IOS BGP Template
JUNOS Secure BGP Template

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
Reference:
CVE-2004-0230
Description:
MS Windows 2K/XP TCP Connection Reset Remote Attack Tool - The Exploit-DB Ref : 276
Link:
http://www.exploit-db.com/exploits/276
Reference:
CVE-2004-0230
Description:
TCP Connection Reset Remote Exploit - The Exploit-DB Ref : 291
Link:
http://www.exploit-db.com/exploits/291
Reference:
CVE-2004-0230
Description:
Multiple Vendor TCP Sequence Number Approximation Vulnerability (1) - The Exploit-DB Ref : 24030
Link:
http://www.exploit-db.com/exploits/24030
Reference:
CVE-2004-0230
Description:
Multiple Vendor TCP Sequence Number Approximation Vulnerability (2) - The Exploit-DB Ref : 24031
Link:
http://www.exploit-db.com/exploits/24031
Reference:
CVE-2004-0230
Description:
Multiple Vendor TCP Sequence Number Approximation Vulnerability (3) - The Exploit-DB Ref : 24032
Link:
http://www.exploit-db.com/exploits/24032
Reference:
CVE-2004-0230
Description:
Multiple Vendor TCP Sequence Number Approximation Vulnerability (4) - The Exploit-DB Ref : 24033
Link:
http://www.exploit-db.com/exploits/24033
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Tested on port 22 with an injected SYN/RST offset by 16 bytes.
Expand Severity Title Port/Service
2
GConf Temporary Directory Creation Denial of Service Vulnerability - Zero Day
 
QID:
115485
Category:
Local
CVE ID:
CVE-2006-6698
Vendor Reference
-
Bugtraq ID:
21762
Service Modified:
06/04/2009
User Modified:
-
Edited:
No
PCI Vuln:
No
CVSS Base:
1.9
CVSS Temporal:
1.8
THREAT:
GConf is a user preference storage application for multiple window managers. GConf is prone to a local denial of service vulnerability. The problem occurs in the "gconf_get_daemon_dir" routine of "gconf-internals.c" when trying to create temporary files in the /tmp directory. The application attempts to create a directory named "gconf-$LOGNAME", where "$LOGNAME" is the current user. The application will crash if a directory or file already exists with that name.

GConf Version 2.8 is vulnerable. Other versions may also be affected.

IMPACT:
A malicious local user can exploit this issue by creating suitably named files in the /tmp directory. This will result in a denial of service for one or all GConf users.
SOLUTION:
Refer to the following link for more information: http://bugzilla.gnome.org/show_bug.cgi?id=167030
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
2.14.0
Expand Severity Title Port/Service
2
Avahi DNS Denial of Service Vulnerability
 
QID:
118183
Category:
Local
CVE ID:
CVE-2010-2244
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/26/2012
User Modified:
-
Edited:
No
PCI Vuln:
No
CVSS Base:
4.3
CVSS Temporal:
3.2
THREAT:
Avahi is a system that facilitates service discovery on a local network.

Some vulnerabilities have been reported in Avahi. The vulnerabilities are caused by errors within the "avahi_recv_dns_packet_ipv4()" and "avahi_recv_dns_packet_ipv6()" functions in avahi-core/socket.c, and can be exploited to cause an assertion error and terminate the service by sending a DNS packet with an incorrect checksum immediately followed by a DNS packet with correct checksum.

Affected Versions:
Avahi Versions prior to 0.6.26

IMPACT:
If this vulnerability is successfully exploited, attackers can cause a denial of service.
SOLUTION:
Update to Version 0.6.26 to resolve this issue. The latest version is available for download from the Avahi Web site.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

Avahi 0.6.26 (Avahi 0.6.26)

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
avahi-dnsconfd 0.6.16
Expand Severity Title Port/Service
2
Red Hat Update for Kernel (RHSA-2013-0594)
 
QID:
120994
Category:
Local
CVE ID:
CVE-2012-3400
Vendor Reference
RHSA-2013-0594
Bugtraq ID:
-
Service Modified:
03/11/2013
User Modified:
-
Edited:
No
PCI Vuln:
Yes
CVSS Base:
7.6
CVSS Temporal:
5.6
THREAT:
The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues:

* Buffer overflow flaws were found in the udf_load_logicalvol() function in the Universal Disk Format (UDF) file system implementation in the Linux kernel. An attacker with physical access to a system could use these flaws to cause a denial of service or escalate their privileges. (CVE-2012-3400, Low)

Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

IMPACT:
This vulnerability could be exploited to gain complete access to sensitive information. Malicious users could also use this vulnerability to change all the contents or configuration on the system.
SOLUTION:
Upgrade to the latest packages which contain a patch. These are available from the Red Hat Network.

To install packages using the command line interface, use the command "yum update".

Refer to Red Hat security advisory RHSA-2013-0594 to address this issue and obtain further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

RHSA-2013-0594: Red Hat Enterprise Linux (v. 5 64-bit IBM System z) (kernel-kdump-devel-2.6.18-348.2.1.el5.s390x)

RHSA-2013-0594: Red Hat Enterprise Linux (v. 5 64-bit IBM System z) (kernel-kdump-2.6.18-348.2.1.el5.s390x)

RHSA-2013-0594: Red Hat Enterprise Linux (v. 5 64-bit IBM System z) (kernel-devel-2.6.18-348.2.1.el5.s390x)

RHSA-2013-0594: Red Hat Enterprise Linux (v. 5 64-bit IBM System z) (kernel-debug-devel-2.6.18-348.2.1.el5.s390x)

RHSA-2013-0594: Red Hat Enterprise Linux (v. 5 64-bit IBM System z) (kernel-2.6.18-348.2.1.el5.s390x)

RHSA-2013-0594: Red Hat Enterprise Linux (v. 5 64-bit IBM System z) (kernel-headers-2.6.18-348.2.1.el5.s390x)

RHSA-2013-0594: Red Hat Enterprise Linux (v. 5 64-bit IBM System z) (kernel-debug-2.6.18-348.2.1.el5.s390x)

RHSA-2013-0594: Red Hat Enterprise Linux (v. 5 64-bit IBM System z) (kernel-doc-2.6.18-348.2.1.el5.noarch)

RHSA-2013-0594: Red Hat Enterprise Linux (v. 5 for 32-bit x86) (kernel-2.6.18-348.2.1.el5.i686)

RHSA-2013-0594: Red Hat Enterprise Linux (v. 5 for 32-bit x86) (kernel-xen-devel-2.6.18-348.2.1.el5.i686)

RHSA-2013-0594: Red Hat Enterprise Linux (v. 5 for 32-bit x86) (kernel-debug-devel-2.6.18-348.2.1.el5.i686)

RHSA-2013-0594: Red Hat Enterprise Linux (v. 5 for 32-bit x86) (kernel-debug-2.6.18-348.2.1.el5.i686)

RHSA-2013-0594: Red Hat Enterprise Linux (v. 5 for 32-bit x86) (kernel-PAE-devel-2.6.18-348.2.1.el5.i686)

RHSA-2013-0594: Red Hat Enterprise Linux (v. 5 for 32-bit x86) (kernel-doc-2.6.18-348.2.1.el5.noarch)

RHSA-2013-0594: Red Hat Enterprise Linux (v. 5 for 32-bit x86) (kernel-xen-2.6.18-348.2.1.el5.i686)

RHSA-2013-0594: Red Hat Enterprise Linux (v. 5 for 32-bit x86) (kernel-devel-2.6.18-348.2.1.el5.i686)

RHSA-2013-0594: Red Hat Enterprise Linux (v. 5 for 32-bit x86) (kernel-PAE-2.6.18-348.2.1.el5.i686)

RHSA-2013-0594: Red Hat Enterprise Linux (v. 5 for 32-bit x86) (kernel-headers-2.6.18-348.2.1.el5.i386)

RHSA-2013-0594: Red Hat Enterprise Linux (v. 5 for 64-bit IBM POWER) (kernel-headers-2.6.18-348.2.1.el5.ppc64)

RHSA-2013-0594: Red Hat Enterprise Linux (v. 5 for 64-bit IBM POWER) (kernel-debug-2.6.18-348.2.1.el5.ppc64)

RHSA-2013-0594: Red Hat Enterprise Linux (v. 5 for 64-bit IBM POWER) (kernel-2.6.18-348.2.1.el5.ppc64)

RHSA-2013-0594: Red Hat Enterprise Linux (v. 5 for 64-bit IBM POWER) (kernel-devel-2.6.18-348.2.1.el5.ppc64)

RHSA-2013-0594: Red Hat Enterprise Linux (v. 5 for 64-bit IBM POWER) (kernel-headers-2.6.18-348.2.1.el5.ppc)

RHSA-2013-0594: Red Hat Enterprise Linux (v. 5 for 64-bit IBM POWER) (kernel-kdump-devel-2.6.18-348.2.1.el5.ppc64)

RHSA-2013-0594: Red Hat Enterprise Linux (v. 5 for 64-bit IBM POWER) (kernel-kdump-2.6.18-348.2.1.el5.ppc64)

RHSA-2013-0594: Red Hat Enterprise Linux (v. 5 for 64-bit IBM POWER) (kernel-debug-devel-2.6.18-348.2.1.el5.ppc64)

RHSA-2013-0594: Red Hat Enterprise Linux (v. 5 for 64-bit IBM POWER) (kernel-doc-2.6.18-348.2.1.el5.noarch)

RHSA-2013-0594: Red Hat Enterprise Linux (v. 5 for 64-bit Itanium) (kernel-xen-2.6.18-348.2.1.el5.ia64)

RHSA-2013-0594: Red Hat Enterprise Linux (v. 5 for 64-bit Itanium) (kernel-debug-devel-2.6.18-348.2.1.el5.ia64)

RHSA-2013-0594: Red Hat Enterprise Linux (v. 5 for 64-bit Itanium) (kernel-debug-2.6.18-348.2.1.el5.ia64)

RHSA-2013-0594: Red Hat Enterprise Linux (v. 5 for 64-bit Itanium) (kernel-xen-devel-2.6.18-348.2.1.el5.ia64)

RHSA-2013-0594: Red Hat Enterprise Linux (v. 5 for 64-bit Itanium) (kernel-devel-2.6.18-348.2.1.el5.ia64)

RHSA-2013-0594: Red Hat Enterprise Linux (v. 5 for 64-bit Itanium) (kernel-2.6.18-348.2.1.el5.ia64)

RHSA-2013-0594: Red Hat Enterprise Linux (v. 5 for 64-bit Itanium) (kernel-doc-2.6.18-348.2.1.el5.noarch)

RHSA-2013-0594: Red Hat Enterprise Linux (v. 5 for 64-bit Itanium) (kernel-headers-2.6.18-348.2.1.el5.ia64)

RHSA-2013-0594: Red Hat Enterprise Linux (v. 5 for 64-bit x86_64) (kernel-debug-2.6.18-348.2.1.el5.x86_64)

RHSA-2013-0594: Red Hat Enterprise Linux (v. 5 for 64-bit x86_64) (kernel-devel-2.6.18-348.2.1.el5.x86_64)

RHSA-2013-0594: Red Hat Enterprise Linux (v. 5 for 64-bit x86_64) (kernel-xen-devel-2.6.18-348.2.1.el5.x86_64)

RHSA-2013-0594: Red Hat Enterprise Linux (v. 5 for 64-bit x86_64) (kernel-xen-2.6.18-348.2.1.el5.x86_64)

RHSA-2013-0594: Red Hat Enterprise Linux (v. 5 for 64-bit x86_64) (kernel-headers-2.6.18-348.2.1.el5.x86_64)

RHSA-2013-0594: Red Hat Enterprise Linux (v. 5 for 64-bit x86_64) (kernel-debug-devel-2.6.18-348.2.1.el5.x86_64)

RHSA-2013-0594: Red Hat Enterprise Linux (v. 5 for 64-bit x86_64) (kernel-2.6.18-348.2.1.el5.x86_64)

RHSA-2013-0594: Red Hat Enterprise Linux (v. 5 for 64-bit x86_64) (kernel-doc-2.6.18-348.2.1.el5.noarch)

RHSA-2013-0594: Red Hat Enterprise Linux Debuginfo (v. 5 64-bit IBM System z) (kernel-kdump-debuginfo-2.6.18-348.2.1.el5.s390x)

RHSA-2013-0594: Red Hat Enterprise Linux Debuginfo (v. 5 64-bit IBM System z) (kernel-debug-debuginfo-2.6.18-348.2.1.el5.s390x)

RHSA-2013-0594: Red Hat Enterprise Linux Debuginfo (v. 5 64-bit IBM System z) (kernel-debuginfo-common-2.6.18-348.2.1.el5.s390x)

RHSA-2013-0594: Red Hat Enterprise Linux Debuginfo (v. 5 64-bit IBM System z) (kernel-debuginfo-2.6.18-348.2.1.el5.s390x)

RHSA-2013-0594: Red Hat Enterprise Linux Debuginfo (v. 5 for 32-bit x86) (kernel-debuginfo-2.6.18-348.2.1.el5.i686)

RHSA-2013-0594: Red Hat Enterprise Linux Debuginfo (v. 5 for 32-bit x86) (kernel-debug-debuginfo-2.6.18-348.2.1.el5.i686)

RHSA-2013-0594: Red Hat Enterprise Linux Debuginfo (v. 5 for 32-bit x86) (kernel-xen-debuginfo-2.6.18-348.2.1.el5.i686)

RHSA-2013-0594: Red Hat Enterprise Linux Debuginfo (v. 5 for 32-bit x86) (kernel-debuginfo-common-2.6.18-348.2.1.el5.i686)

RHSA-2013-0594: Red Hat Enterprise Linux Debuginfo (v. 5 for 32-bit x86) (kernel-PAE-debuginfo-2.6.18-348.2.1.el5.i686)

RHSA-2013-0594: Red Hat Enterprise Linux Debuginfo (v. 5 for 64-bit IBM POWER) (kernel-debuginfo-2.6.18-348.2.1.el5.ppc64)

RHSA-2013-0594: Red Hat Enterprise Linux Debuginfo (v. 5 for 64-bit IBM POWER) (kernel-debug-debuginfo-2.6.18-348.2.1.el5.ppc64)

RHSA-2013-0594: Red Hat Enterprise Linux Debuginfo (v. 5 for 64-bit IBM POWER) (kernel-debuginfo-common-2.6.18-348.2.1.el5.ppc64)

RHSA-2013-0594: Red Hat Enterprise Linux Debuginfo (v. 5 for 64-bit IBM POWER) (kernel-kdump-debuginfo-2.6.18-348.2.1.el5.ppc64)

RHSA-2013-0594: Red Hat Enterprise Linux Debuginfo (v. 5 for 64-bit Itanium) (kernel-xen-debuginfo-2.6.18-348.2.1.el5.ia64)

RHSA-2013-0594: Red Hat Enterprise Linux Debuginfo (v. 5 for 64-bit Itanium) (kernel-debuginfo-common-2.6.18-348.2.1.el5.ia64)

RHSA-2013-0594: Red Hat Enterprise Linux Debuginfo (v. 5 for 64-bit Itanium) (kernel-debuginfo-2.6.18-348.2.1.el5.ia64)

RHSA-2013-0594: Red Hat Enterprise Linux Debuginfo (v. 5 for 64-bit Itanium) (kernel-debug-debuginfo-2.6.18-348.2.1.el5.ia64)

RHSA-2013-0594: Red Hat Enterprise Linux Debuginfo (v. 5 for 64-bit x86_64) (kernel-xen-debuginfo-2.6.18-348.2.1.el5.x86_64)

RHSA-2013-0594: Red Hat Enterprise Linux Debuginfo (v. 5 for 64-bit x86_64) (kernel-debuginfo-common-2.6.18-348.2.1.el5.x86_64)

RHSA-2013-0594: Red Hat Enterprise Linux Debuginfo (v. 5 for 64-bit x86_64) (kernel-debuginfo-2.6.18-348.2.1.el5.x86_64)

RHSA-2013-0594: Red Hat Enterprise Linux Debuginfo (v. 5 for 64-bit x86_64) (kernel-debug-debuginfo-2.6.18-348.2.1.el5.x86_64)

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Package     Installed Version  Required Version
kernel-xen  2.6.18-348.el5     2.6.18-348.2.1.el5
Expand Severity Title Port/Service
1
Fetchmail Debug Mode POP3 UIDL Lists Denial of Service Vulnerability
 
QID:
118038
Category:
Local
CVE ID:
CVE-2010-1167
Vendor Reference
fetchmail-SA-2010-02
Bugtraq ID:
-
Service Modified:
06/22/2010
User Modified:
-
Edited:
No
PCI Vuln:
No
CVSS Base:
4.3
CVSS Temporal:
3.2
THREAT:
Fetchmail is an open source software utility for POSIX-compliant operating systems which is used to retrieve e-mail from a remote POP3, IMAP, ETRN or ODMR mail server to the user's local system.

A vulnerability has been identified in Fetchmail, which could be exploited by attackers to cause a denial of service. This issue is caused by an error when processing message headers or POP3 UIDL lists including invalid characters in a multi-character locale while debug mode is enabled.

Affected Versions:
Fetchmail releases 4.6.3 up to and including 6.3.16

IMPACT:
Successful exploit by attackers can cause a vulnerable application to crash or exhaust all available memory resources, creating a denial of service.
SOLUTION:
Workaround:
Run fetchmail with at most one -v (--verbose) option.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

fetchmail-SA-2010-02 (Fetchmail 6.3.17)

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
This is fetchmail release 6.3.6+GSS+RPA+NTLM+SDPS+SSL+HESIOD+NLS+KRB4+KRB5.
Expand Severity Title Port/Service
3
OpenSSH Plaintext Recovery Attack Against SSH Vulnerability
 
QID:
42339
Category:
General remote services
CVE ID:
CVE-2008-5161
Vendor Reference
openssh-5.2 release note
Bugtraq ID:
-
Service Modified:
09/13/2010
User Modified:
-
Edited:
No
PCI Vuln:
No
CVSS Base:
2.6
CVSS Temporal:
2
THREAT:
OpenSSH is a set of computer programs providing encrypted communication sessions over a computer network using the SSH protocol.

OpenSSH is prone to a plain text recovery attack. The issue is in the SSH protocol specification itself and exists in Secure Shell (SSH) software when used with CBC-mode ciphers.

Affected Versions:
OpenSSH Version 5.1 and earlier.

IMPACT:
This issue can be exploited by a remote unprivileged user to gain access to some of the plain text information from intercepted SSH network traffic, which would otherwise be encrypted.
SOLUTION:
Upgrade to OpenSSH 5.2 or later, available from the OpenSSH Download site.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

OpenSSH 5.2: OpenSSH

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
SSH-2.0-OpenSSH_4.3
Expand Severity Title Port/Service
3
Sendmail SSL Certificate NULL Character Spoofing Vulnerability port 25/tcp
 
QID:
74240
Category:
Mail services
CVE ID:
CVE-2009-4565
Vendor Reference
Sendmail - 8.14.4
Bugtraq ID:
-
Service Modified:
11/09/2011
User Modified:
-
Edited:
No
PCI Vuln:
Yes
CVSS Base:
7.5
CVSS Temporal:
5.5
THREAT:
Sendmail is prone to an SSL certificate NULL character spoofing vulnerability.

This updated version (8.14.4) will resolve the following security issues.

Some certificate authorities do not properly check the requests they are signing and hence allow spoofing via an embedded NUL in the CN entry. Some checks have been added to deal with "bogus" CNs.

A workaround for a Linux resolver problem has been added to avoid core dumps.

IMPACT:
A man-in-the-middle attacker may be able to spoof arbitrary SSL SMTP servers.
SOLUTION:
This vulnerability is fixed in Sendmail Version 8.14.4. Check Sendmail's Web site to upgrade to this version.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

8.14.4: sendmail (sendmail)

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
220 mail.schsr.unc.edu ESMTP Sendmail 8.13.8/8.13.8; Sat, 23 Mar 2013 12:16:00 -0400
Expand Severity Title Port/Service
3
Sendmail SSL Certificate NULL Character Spoofing Vulnerability port 465/tcp over SSL
 
QID:
74240
Category:
Mail services
CVE ID:
CVE-2009-4565
Vendor Reference
Sendmail - 8.14.4
Bugtraq ID:
-
Service Modified:
11/09/2011
User Modified:
-
Edited:
No
PCI Vuln:
Yes
CVSS Base:
7.5
CVSS Temporal:
5.5
THREAT:
Sendmail is prone to an SSL certificate NULL character spoofing vulnerability.

This updated version (8.14.4) will resolve the following security issues.

Some certificate authorities do not properly check the requests they are signing and hence allow spoofing via an embedded NUL in the CN entry. Some checks have been added to deal with "bogus" CNs.

A workaround for a Linux resolver problem has been added to avoid core dumps.

IMPACT:
A man-in-the-middle attacker may be able to spoof arbitrary SSL SMTP servers.
SOLUTION:
This vulnerability is fixed in Sendmail Version 8.14.4. Check Sendmail's Web site to upgrade to this version.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

8.14.4: sendmail (sendmail)

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
220 mail.schsr.unc.edu ESMTP Sendmail 8.13.8/8.13.8; Sat, 23 Mar 2013 12:30:20 -0400
Expand Severity Title Port/Service
3
Sendmail SSL Certificate NULL Character Spoofing Vulnerability port 587/tcp
 
QID:
74240
Category:
Mail services
CVE ID:
CVE-2009-4565
Vendor Reference
Sendmail - 8.14.4
Bugtraq ID:
-
Service Modified:
11/09/2011
User Modified:
-
Edited:
No
PCI Vuln:
Yes
CVSS Base:
7.5
CVSS Temporal:
5.5
THREAT:
Sendmail is prone to an SSL certificate NULL character spoofing vulnerability.

This updated version (8.14.4) will resolve the following security issues.

Some certificate authorities do not properly check the requests they are signing and hence allow spoofing via an embedded NUL in the CN entry. Some checks have been added to deal with "bogus" CNs.

A workaround for a Linux resolver problem has been added to avoid core dumps.

IMPACT:
A man-in-the-middle attacker may be able to spoof arbitrary SSL SMTP servers.
SOLUTION:
This vulnerability is fixed in Sendmail Version 8.14.4. Check Sendmail's Web site to upgrade to this version.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

8.14.4: sendmail (sendmail)

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
220 mail.schsr.unc.edu ESMTP Sendmail 8.13.8/8.13.8; Sat, 23 Mar 2013 12:32:05 -0400
Expand Severity Title Port/Service
3
Remote Access or Management Service Detected
QID:
42017
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
10/17/2011
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
A remote access or remote management service was detected. If such a service is accessible to malicious users, it can be used to carry out different types of attacks. Malicious users could try to brute force credentials or collect additional information on the service, which could help them craft further attacks.

The Results section includes information on the remote access service that was found on the target.

Services like Telnet, Rlogin, SSH, windows remote desktop, pcAnywhere, Citrix Management Console, Remote Admin (RAdmin), VNC, OPENVPN and ISAKMP are checked.

IMPACT:
Consequences vary by the type of attack.
SOLUTION:
Expose the remote access or remote management services only to the system administrators or intended users of the system.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Service name: SSH on TCP port 22.
Expand Severity Title Port/Service
3
Unix Group List
QID:
105130
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/07/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
All Unix groups found at the host are listed in the result section. The following fields are provided in the order shown.

1) The group name. Group names are fairly arbitrary but it is a good idea to choose group names that express some idea about the function of the group.
2) The group's encrypted password. Group passwords encouraged poor security practices, so most modern Unix systems don't support them.
3) The group's unique numeric ID (GID).
4) All users in the group.

IMPACT:
Users can get elevated privileges if they are added to Unix groups.
SOLUTION:
Check to be sure that the information provided adheres to your security policy.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
No results available
Expand Severity Title Port/Service
2
Operating System Detected
QID:
45017
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
02/09/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Several different techniques can be used to identify the operating system (OS) running on a host. A short description of these techniques is provided below. The specific technique used to identify the OS on this host is included in the RESULTS section of your report.

1) TCP/IP Fingerprint: The operating system of a host can be identified from a remote system using TCP/IP fingerprinting. All underlying operating system TCP/IP stacks have subtle differences that can be seen in their responses to specially-crafted TCP packets. According to the results of this "fingerprinting" technique, the OS version is among those listed below.

Note that if one or more of these subtle differences are modified by a firewall or a packet filtering device between the scanner and the host, the fingerprinting technique may fail. Consequently, the version of the OS may not be detected correctly. If the host is behind a proxy-type firewall, the version of the operating system detected may be that for the firewall instead of for the host being scanned.

2) NetBIOS: Short for Network Basic Input Output System, an application programming interface (API) that augments the DOS BIOS by adding special functions for local-area networks (LANs). Almost all LANs for PCs are based on the NetBIOS. Some LAN manufacturers have even extended it, adding additional network capabilities. NetBIOS relies on a message format called Server Message Block (SMB).

3) PHP Info: PHP is a hypertext pre-processor, an open-source, server-side, HTML-embedded scripting language used to create dynamic Web pages. Under some configurations it is possible to call PHP functions like phpinfo() and obtain operating system information.

4) SNMP: The Simple Network Monitoring Protocol is used to monitor hosts, routers, and the networks to which they attach. The SNMP service maintains Management Information Base (MIB), a set of variables (database) that can be fetched by Managers. These include "MIB_II.system.sysDescr" for the operating system.

IMPACT:
Not applicable.
SOLUTION:
Not applicable.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Operating System                                      Technique           ID
Red Hat Enterprise Linux Server 5.9                   Unix login
Linux 2.4-2.6 / Embedded Device / F5 Networks Big-IP  TCP/IP Fingerprint  U1141:22
cpe:/o:redhat:red hat enterprise linux:5.9::server:   CPE
Expand Severity Title Port/Service
2
List of Java Related Packages
QID:
45096
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
10/08/2008
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
All Java-related packages installed on your system are listed.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
java-1.4.2-gcj-compat-1.4.2.0-40jpp.115
Expand Severity Title Port/Service
2
Unix Users With root UserID
QID:
105139
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
09/22/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The result section displays UNIX users with a root UserID, that is, users with a UID of 0.
IMPACT:
Root privileges on a UNIX host permit a user complete control of the host's operating system, configuration, and services. Restricted use of this privilege is advised. Check to be sure the results adhere to your security policy.
SOLUTION:
Remove users that should not have root UserID according to your security policy.
COMPLIANCE:
Type: CobIT
Section: DS5.4
Description: User Account Management Ensure that requesting, establishing, issuing, suspending, modifying and closing user accounts and related user privileges are addressed by user account management. An approval procedure outlining the data or system owner granting the access privileges should be included. These procedures should apply for all users, including administrators (privileged users), internal and external users, for normal and emergency cases. Rights and obligations relative to access to enterprise systems and information are contractually arranged for all types of users. Perform regular management review of all accounts and related privileges.

EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
root
Expand Severity Title Port/Service
2
Unix Users With root GroupID
QID:
105140
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
09/22/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The result section displays UNIX users with a root GroupID, that is, users with a GID of 0.
IMPACT:
Root privileges on a UNIX host permit a user complete control of the host's operating system, configuration, and services. Restricted use of this privilege is advised. Check to be sure the results adhere to your security policy.
SOLUTION:
Remove users that should not have root GroupID according to your security policy.
COMPLIANCE:
Type: CobIT
Section: DS5.4
Description: User Account Management Ensure that requesting, establishing, issuing, suspending, modifying and closing user accounts and related user privileges are addressed by user account management. An approval procedure outlining the data or system owner granting the access privileges should be included. These procedures should apply for all users, including administrators (privileged users), internal and external users, for normal and emergency cases. Rights and obligations relative to access to enterprise systems and information are contractually arranged for all types of users. Perform regular management review of all accounts and related privileges.

EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
root
sync
shutdown
halt
operator
Expand Severity Title Port/Service
2
List of Home Directories Associated with UserIDs
QID:
105207
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
07/06/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
All users should have a default home directory assigned. The UserID and home directory associated with the userid are as follows.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
No results available
Expand Severity Title Port/Service
2
List of Valid Shells
QID:
105213
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
07/19/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
/etc/shells is a text file which contains the full pathnames of valid login shells. This detection gets the contents of the /etc/shells file. More information can be found by "man shells" or "man getusershell".
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
/bin/sh
/bin/bash
/sbin/nologin
/bin/tcsh
/bin/csh
/bin/ksh
Expand Severity Title Port/Service
2
SU Logging
QID:
105326
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
04/08/2008
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
SU logging should be enabled to monitor suspicious activity.
IMPACT:
N/A
SOLUTION:
For Solaris, modify the /etc/default/su file and set the "SULOG" parameter.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
No results available
Expand Severity Title Port/Service
2
root Should Be Specified in Block List for FTP Users
QID:
105328
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
04/25/2008
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
As a best practice, the root user should be present in the list of users blocked for File Transfer Protocol (FTP) access. A configuration file contains this list of local user names that the ftpd server does not allow remote FTP clients to use. The general name and location of this file is:

On Linux, Solaris and Mac - "/etc/ftpusers"
On HP-UX - "/etc/ftpd/ftpusers" or "/etc/ftpd/ftpaccess"

Note: On HP-UX, root permission is required to access the /etc/ftpd/ftpusers file.

This vulnerability check requires read permission on the above-mentioned configuration files. Without permission this detection may give false results.

IMPACT:
N/A
SOLUTION:
Add a root entry in the corresponding configuration file.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
File "/etc/ftpusers" not present or not accessible
Expand Severity Title Port/Service
2
SMTP Banner port 25/tcp
QID:
74042
Category:
Mail services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/11/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
220 mail.schsr.unc.edu ESMTP Sendmail 8.13.8/8.13.8; Sat, 23 Mar 2013 12:16:00 -0400
Expand Severity Title Port/Service
2
SMTP Service Detected port 25/tcp
QID:
74145
Category:
Mail services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
09/20/2004
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The Mail Service on this host can be identified from a remote system using SMTP fingerprinting. According to the results of this fingerprinting technique, the Mail Service name and version are listed below.
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Name: Sendmail, Version: 8.13.8
Expand Severity Title Port/Service
2
IMAP Banner port 993/tcp over SSL
QID:
50010
Category:
Mail services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/01/1999
User Modified:
-
Edited:
No
PCI Vuln:
No
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
* OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID AUTH=PLAIN SASL-IR] mail.schsr.unc.edu Cyrus IMAP4 v2.3.7-Invoca-RPM-2.3.7-12.el5_7.2 server ready
Expand Severity Title Port/Service
2
SMTP Banner port 465/tcp over SSL
QID:
74042
Category:
Mail services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/11/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
220 mail.schsr.unc.edu ESMTP Sendmail 8.13.8/8.13.8; Sat, 23 Mar 2013 12:30:20 -0400
Expand Severity Title Port/Service
2
SMTP Service Detected port 465/tcp over SSL
QID:
74145
Category:
Mail services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
09/20/2004
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The Mail Service on this host can be identified from a remote system using SMTP fingerprinting. According to the results of this fingerprinting technique, the Mail Service name and version are listed below.
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Name: Sendmail, Version: 8.13.8
Expand Severity Title Port/Service
2
SMTP Banner port 587/tcp
QID:
74042
Category:
Mail services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/11/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
220 mail.schsr.unc.edu ESMTP Sendmail 8.13.8/8.13.8; Sat, 23 Mar 2013 12:32:05 -0400
Expand Severity Title Port/Service
2
SMTP Service Detected port 587/tcp
QID:
74145
Category:
Mail services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
09/20/2004
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The Mail Service on this host can be identified from a remote system using SMTP fingerprinting. According to the results of this fingerprinting technique, the Mail Service name and version are listed below.
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Name: Sendmail, Version: 8.13.8
Expand Severity Title Port/Service
1
DNS Host Name
QID:
6
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/01/1999
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The fully qualified domain name of this host, if it was obtained from a DNS server, is displayed in the RESULT section.
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
IP address      Host name
152.2.35.114    mail.schsr.unc.edu
Expand Severity Title Port/Service
1
Firewall Detected
QID:
34011
Category:
Firewall
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
10/16/2001
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
A packet filtering device protecting this IP was detected. This is likely to be a firewall or a router using access control lists (ACLs).
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Some of the ports filtered by the firewall are: 20, 21, 23, 53, 80, 111, 135, 443, 445, 1.

Listed below are the ports filtered by the firewall.
No response has been received when any of these ports is probed.
1-21,23-24,26-464,466-586,588-630,632-905,907-992,994-6128,6130-65535
Expand Severity Title Port/Service
1
Target Network Information
QID:
45004
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
08/15/2013
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The information shown in the Result section was returned by the network infrastructure responsible for routing traffic from our cloud platform to the target network (where the scanner appliance is located).

This information was returned from: 1) the WHOIS service, or 2) the infrastructure provided by the closest gateway server to our cloud platform. If your ISP is routing traffic, your ISP's gateway server returned this information.

IMPACT:
This information can be used by malicious users to gather more information about the network infrastructure that may help in launching attacks against it.
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
The network handle is: UNCCH-NET
Network description:
University of North Carolina at Chapel Hill
Expand Severity Title Port/Service
1
Internet Service Provider
QID:
45005
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
08/15/2013
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The information shown in the Result section was returned by the network infrastructure responsible for routing traffic from our cloud platform to the target network (where the scanner appliance is located).

This information was returned from: 1) the WHOIS service, or 2) the infrastructure provided by the closest gateway server to our cloud platform. If your ISP is routing traffic, your ISP's gateway server returned this information. This information was gathered using the WHOIS service for the network and is believed to be the ISP of the target network.

IMPACT:
This information can be used by malicious users to gather more information about the network infrastructure that may aid in launching further attacks against it.
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
The ISP network handle is: UNCCH-NET
ISP Network description:
University of North Carolina at Chapel Hill
Expand Severity Title Port/Service
1
Traceroute
QID:
45006
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/09/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Traceroute describes the path in real time from the scanner to the remote host being contacted. It reports the IP addresses of all the routers in between.
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HopsIPRound Trip TimeProbe
1152.2.20.10.76msICMP
2152.19.253.1061.25msICMP
3152.19.255.170.99msICMP
4152.19.255.2101.19msUDP
5152.2.35.1140.90msICMP
Expand Severity Title Port/Service
1
Unix Server Information
QID:
45037
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
11/29/2004
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The following information was found about the Unix server:
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
UName               Linux mail.schsr.unc.edu 2.6.18-348.3.1.el5xen #1 SMP Tue Mar 5 13:27:42 EST 2013 i686 i686 i386 GNU/Linux
Operating system    Linux
Red Hat Release     Red Hat Enterprise Linux Server release 5.9 (Tikanga)
Product             Red Hat Enterprise Linux Server
Version             5.9
Vendor              Red Hat
CPU                 i386
Expand Severity Title Port/Service
1
Host Scan Time
QID:
45038
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
11/18/2004
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The Host Scan Time is the period of time it takes the scanning engine to perform the vulnerability assessment of a single target host. The Host Scan Time for this host is reported in the Result section below.

The Host Scan Time does not have a direct correlation to the Duration time as displayed in the Report Summary section of a scan results report. The Duration is the period of time it takes the service to perform a scan task. The Duration includes the time it takes the service to scan all hosts, which may involve parallel scanning. It also includes the time it takes for a scanner appliance to pick up the scan task and transfer the results back to the service's Secure Operating Center. Further, when a scan task is distributed across multiple scanners, the Duration includes the time it takes to perform parallel host scanning on all scanners.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Scan duration: 2419 seconds

Start time: Sat, Mar 23 2013, 16:14:11 GMT

End time: Sat, Mar 23 2013, 16:54:30 GMT
Expand Severity Title Port/Service
1
Host Names Found
QID:
45039
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
02/14/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The following host names were discovered for this computer using various methods such as DNS look up, NetBIOS query, and SQL server name query.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Host Name             Source
mail.schsr.unc.edu    FQDN
mail.schsr.unc.edu    System-configured
Expand Severity Title Port/Service
1
Contents of /etc/issue File
QID:
45046
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/04/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The /etc/issue file contains the login banner.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Red Hat Enterprise Linux Server release 5.9 (Tikanga)
Kernel \r on an \m
Expand Severity Title Port/Service
1
Contents of syslog.conf File
QID:
45069
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
10/30/2007
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The syslog.conf file specifies rules for logging Unix system messages.
IMPACT:
n/a
SOLUTION:
n/a
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages

# The authpriv file has restricted access.
authpriv.* /var/log/secure

# Log all the mail messages in one place.
mail.* -/var/log/mail/maillog


# Log cron stuff
cron.* /var/log/cron

# Everybody gets emergency messages
*.emerg *

# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler

# Save boot messages also to boot.log
local7.debug /var/log/boot.log
Expand Severity Title Port/Service
1
Contents of xinetd.conf File
QID:
45071
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
11/01/2007
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The xinetd.conf is the configuration file that determines the services provided by the xinetd daemon. The daemon features access control mechanisms such as TCP wrapper ACLs, extensive logging capabilities, and the ability to make services available based on time.
IMPACT:
n/a
SOLUTION:
n/a
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
#
# This is the master xinetd configuration file. Settings in the
# default section will be inherited by all service configurations
# unless explicitly overridden in the service configuration. See
# xinetd.conf in the man pages for a more detailed explanation of
# these attributes.

defaults
{
# The next two items are intended to be a quick access place to
# temporarily enable or disable services.
#
# enabled =
# disabled =

# Define general logging characteristics.
log_type = SYSLOG daemon info
log_on_failure = HOST
log_on_success = PID HOST DURATION EXIT

# Define access restriction defaults
#
# no_access =
# only_from =
# max_load = 0
cps = 50 10
instances = 250
per_source = 10

# Address and networking defaults
#
# bind =
# mdns = yes
v6only = no

# setup environmental attributes
#
# passenv =
groups = yes
umask = 002

# Generally, banners are not used. This sets up their global defaults
#
# banner =
# banner_fail =
# banner_success =
}

includedir /etc/xinetd.d
Expand Severity Title Port/Service
1
Linux Kernel Version Running
QID:
45097
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/05/2009
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The Linux kernel version running on the system at the time of the scan is listed in the result section. This QID currently supports:

Red Hat Linux
Oracle Enterprise Linux
Suse
Fedora
Debian
Ubuntu
CentOS

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Running Kernel Version is: 2.6.18-348.3.1.el5xen
Expand Severity Title Port/Service
1
Installed Kernel rpm List for Red Hat and Oracle Enterprise Linux
QID:
45098
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/05/2009
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
List of Red Hat Linux or Oracle Enterprise Linux kernels installed on the system.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
No results available
Expand Severity Title Port/Service
1
Contents of rsyslog.conf File
QID:
45121
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/10/2011
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The rsyslog.conf file is the main configuration file for rsyslogd, which logs system messages on *nix systems. This file specifies rules for logging.

rsyslog.conf is backward compatible with sysklogd's syslog.conf file.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
# Use traditional timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# Provides kernel logging support (previously done by rklogd)
$ModLoad imklog
# Provides support for local system logging (e.g. via logger command)
$ModLoad imuxsock

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages

# The authpriv file has restricted access.
authpriv.* /var/log/secure

# Log all the mail messages in one place.
mail.* -/var/log/maillog


# Log cron stuff
cron.* /var/log/cron

# Everybody gets emergency messages
*.emerg *

# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler

# Save boot messages also to boot.log
local7.* /var/log/boot.log
Expand Severity Title Port/Service
1
"daemon.notice" Entry Missing in rsyslog.conf file
QID:
45122
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/10/2011
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The rsyslog.conf file specifies rules for logging. The file contains information used by rsyslogd to forward a system message to appropriate log files and/or users. An entry of the form:

daemon.notice [Tab] <path to logfile>

ensures that all conditions involving daemons (such as ftpd) that are not error conditions are logged in the specified log file.

This entry was found to be missing from the rsyslog.conf file on the target.

IMPACT:
N/A
SOLUTION:
Ensure that the absence of the daemon.notice entry is in compliance with your organization's security policy.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

$ModLoad imklog
$ModLoad imuxsock


*.info;mail.none;authpriv.none;cron.none /var/log/messages

authpriv.* /var/log/secure

mail.* -/var/log/maillog


cron.* /var/log/cron

*.emerg *

uucp,news.crit /var/log/spooler

local7.* /var/log/boot.log
Expand Severity Title Port/Service
1
Java Version Detected
QID:
45125
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/27/2011
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
An instance of Java was detected on the target *NIX host.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
java -version

java version "1.4.2"
gij (GNU libgcj) version 4.1.2 20080704 (Red Hat 4.1.2-54)

Copyright (C) 2006 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Expand Severity Title Port/Service
1
Python Installed on Host
QID:
45127
Category:
Information gathering
CVE ID:
-
Vendor Reference
Python
Bugtraq ID:
-
Service Modified:
07/26/2011
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Python is installed on the target host. Python is a powerful dynamic programming language that is used in a wide variety of application domains. Python is available for all major operating systems including Windows, Linux/Unix, OS/2, etc.

Note: For Windows Systems
To get the exact version of Python installed on the target, look for the string followed by '#define PY_VERSION' in the result section. A target can have more than one version of Python installed.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
2.4.3 (#1, Oct 23 2012, 22:02:47)
[GCC 4.1.2 20080704 (Red Hat 4.1.2-54)]
Expand Severity Title Port/Service
1
Java Runtime Environment 1.4 Installed
QID:
45138
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
10/31/2011
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Java Runtime Environment 1.4 is installed on the target machine.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Java Runtime Environment 1.4 installed
Expand Severity Title Port/Service
1
Installed Packages on Unix and Linux Operating Systems
QID:
45141
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/18/2012
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
This QID lists installed rpm packages or operating system vendor specific packages on the target Unix/Linux system.

Supported Unix or Linux Operating Systems:
RedHat Linux
CentOS
Suse
Fedora
Oracle Enterprise Linux
Debian
Ubuntu
IBM AIX
Solaris
Mac OS X

NOTE: If the system has more than 200 packages, this QID lists only the first 200 packages.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
cracklib-dicts 2.8.9-3.3
libSM 1.0.1-3.1
libattr 2.4.32-1.1
startup-notification 0.8-4.1
libXinerama 1.0.1-2.1
beecrypt 4.1.2-10.1.1
libxklavier 3.0-3.el5
ttmkfdir 3.0.9-23.el5
festival 1.95-5.2.1
udftools 1.0.0b3-0.1.el5
fontconfig 2.4.1-7.el5
libXft 2.1.10-1.1
ghostscript-fonts 5.50-13.1.1
python-ldap 2.2.0-2.1
libwvstreams 4.2.2-2.1
zenity 2.16.0-2.el5
portmap 4.0-65.2.2.1
irda-utils 0.9.17-2.fc6
dejavu-lgc-fonts 2.10-1
gnome-desktop 2.16.0-1.fc6
xorg-x11-fonts-base 7.1-2.1.el5
gucharmap 1.8.0-1.fc6
gtkhtml2 2.11.0-3
xorg-x11-fonts-ISO8859-1-100dpi 7.1-2.1.el5
gnome-python2-canvas 2.16.0-1.fc6
gnome-media 2.16.1-3.el5
gnome-volume-manager 2.15.0-5.el5
xorg-x11-drv-penmount 1.1.0-2.1
xorg-x11-drv-siliconmotion 1.4.1-2.1
xorg-x11-drv-magictouch 1.0.0.5-2.1
xorg-x11-drv-digitaledge 1.1.0-1.1
xorg-x11-drv-vmware 10.13.0-2.1
xorg-x11-drv-aiptek 1.0.1-2
xorg-x11-drv-jamstudio 1.1.0-1.1
synaptics 0.14.4-8.fc6
gstreamer 0.10.20-3.el5
alsa-lib 1.0.17-1.el5
gnome-power-manager 2.16.0-10.el5
keyutils-libs-devel 1.2-1.el5
perl-IO-Socket-INET6 2.51-2.fc6
gstreamer-plugins-base 0.10.20-3.0.1.el5_3
lynx 2.8.5-28.1.el5_2.1
grep 2.5.1-55.el5
sgpio 1.2.0_10-2.el5
tftp-server 0.49-2
perl-Error 0.17010-1.el5
libXt 1.0.2-3.2.el5
cryptsetup-luks 1.0.3-8.el5
gzip 1.3.5-13.el5
checkpolicy 1.33.1-6.el5
nss_db 2.2-35.4.el5_5
sysfsutils 2.1.0-1.el5
rsh 0.17-40.el5_7.1
libsepol-devel 1.15.2-3.el5
redhat-artwork 5.0.9-2.el5
SysVinit 2.86-17.el5
hpijs 1.6.7-6.el5_6.1
cyrus-imapd-utils 2.3.7-12.el5_7.2
nautilus-extensions 2.16.2-10.el5
avahi-compat-libdns_sd 0.6.16-10.el5_6
gettext 0.17-1.el5
vino 2.13.5-9.el5
xorg-x11-drv-vesa 1.3.0-8.3.el5
xorg-x11-drv-ast 0.89.9-1.el5
gnome-screensaver 2.16.1-8.el5_7.5
comps-extras 11.4-1
poppler 0.5.4-19.el5
poppler-utils 0.5.4-19.el5
net-tools 1.60-82.el5
ecryptfs-utils 75-8.el5
libvorbis 1.1.2-3.el5_7.6
acpid 1.0.4-12.el5
netpbm-progs 10.35.58-10.el5
xorg-x11-drv-mga 1.4.13-5.el5
groff 1.18.1.1-13.el5
system-config-network-tui 1.3.99.21-1.el5
sabayon-apply 2.12.4-9.el5
cyrus-sasl-devel 2.1.22-7.el5_8.1
linuxwacom 0.7.8.3-11.2.el5_8
imake 1.0.2-3
libtool 1.5.22-7.el5_4
util-linux 2.13-0.59.el5_8
logwatch 7.3-10.el5
e2fsprogs-libs 1.39-35.el5
OpenIPMI-libs 2.0.16-16.el5
kbd 1.12-22.el5
lftp 3.7.11-8.el5
parted 1.8.1-30.el5
Severity:
1
Title:
Ruby Installed on Host
QID:
45185
Category:
Information gathering
CVE ID:
-
Vendor Reference
Ruby
Bugtraq ID:
-
Service Modified:
01/16/2013
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Ruby is a programming language.

Ruby is installed on target host.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
ruby 1.9.3p194 (2012-04-20 revision 35410) [i686-linux]
Severity:
1
Title:
Internet Protocol version 6 (IPv6) Enabled on Target Host
QID:
45193
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/23/2013
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Internet Protocol version 6 (IPv6) is the latest revision of the Internet Protocol (IP), the communications protocol that routes traffic across the Internet. It is intended to replace IPv4, which still carries the vast majority of Internet traffic as of 2013.

This QID uses the registry key mentioned in Microsoft KB929852 to determine if IPv6 is enabled.

The detection works in the following way:
1) For Windows 2000, XP, 2003:
-- It checks for the existence of the key "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters"
2) For Windows Vista, 2008, Windows 7, Windows 8, Windows Server 2012 and Windows RT:
-- It checks the value of "DisabledComponents" for the key "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters"
Note: These checks make use of Windows Management Instrumentation (WMI) to list IPv6 addresses on the target.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
inet6 addr: fe80::216:36ff:fe37:ace9/64 Scope:Link
inet6 addr: ::1/128 Scope:Host
Severity:
1
Title:
Open TCP Services List
QID:
82023
Category:
TCP/IP
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
06/15/2009
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The port scanner enables unauthorized users with the appropriate tools to draw a map of all services on this host that can be accessed from the Internet. The test was carried out with a "stealth" port scanner so that the server does not log real connections.

The Results section displays the port number (Port), the default service listening on the port (IANA Assigned Ports/Services), the description of the service (Description) and the service that the scanner detected using service discovery (Service Detected).

IMPACT:
Unauthorized users can exploit this information to test vulnerabilities in each of the open services.
SOLUTION:
Shut down any unknown or unused service on the list. If you have difficulty figuring out which service is provided by which process or program, contact your provider's support team. For more information about commercial and open-source Intrusion Detection Systems available for detecting port scanners of this kind, visit the CERT Web site.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Port | IANA Assigned Ports/Services | Description | Service Detected | OS On Redirected Port
22 | ssh | SSH Remote Login Protocol | ssh |
25 | smtp | Simple Mail Transfer | smtp |
465 | smtps | smtp protocol over TLS/SSL (was ssmtp) | smtp over ssl |
587 | submission | Submission | smtp |
906 | unknown | unknown | imap over ssl |
993 | imaps | imap4 protocol over TLS/SSL | imap over ssl |
Severity:
1
Title:
ICMP Replies Received
QID:
82040
Category:
TCP/IP
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/16/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
ICMP (Internet Control and Error Message Protocol) is a protocol encapsulated in IP packets. ICMP's principal purpose is to provide a protocol layer that informs gateways of the inter-connectivity and accessibility of other gateways or hosts.

We have sent the following types of packets to trigger the host to send us ICMP replies:

Echo Request (to trigger Echo Reply)
Timestamp Request (to trigger Timestamp Reply)
Address Mask Request (to trigger Address Mask Reply)
UDP Packet (to trigger Port Unreachable Reply)
IP Packet with Protocol >= 250 (to trigger Protocol Unreachable Reply)

Listed in the "Result" section are the ICMP replies that we have received.

SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
ICMP Reply Type | Triggered By | Additional Information
Echo (type=0 code=0) | Echo Request | Echo Reply
Time Stamp (type=14 code=0) | Time Stamp Request | 16:14:13 GMT
Unreachable (type=3 code=10) | (Various) | Destination Host Prohibited
Severity:
1
Title:
Degree of Randomness of TCP Initial Sequence Numbers
QID:
82045
Category:
TCP/IP
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
11/19/2004
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
TCP Initial Sequence Numbers (ISNs) obtained in the SYNACK replies from the host are analyzed to determine how random they are. The average change between subsequent ISNs and the standard deviation from the average are displayed in the RESULT section. Also included is the degree of difficulty for exploitation of the TCP ISN generation scheme used by the host.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Average change between subsequent TCP initial sequence numbers is 1374517423 with a standard deviation of 656948900. These TCP initial sequence numbers were triggered by TCP SYN probes sent to the host at an average rate of 1/(7476 microseconds). The degree of difficulty to exploit the TCP initial sequence number generation scheme is: hard.
Severity:
1
Title:
IP ID Values Randomness
QID:
82046
Category:
TCP/IP
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
07/27/2006
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The values for the identification (ID) field in IP headers in IP packets from the host are analyzed to determine how random they are. The changes between subsequent ID values for either the network byte ordering or the host byte ordering, whichever is smaller, are displayed in the RESULT section along with the duration taken to send the probes. When incremental values are used, as is the case for TCP/IP implementation in many operating systems, these changes reflect the network load of the host at the time this test was conducted.

Please note that for reliability reasons only the network traffic from open TCP ports is analyzed.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
IP ID changes observed (network order) for port 22: 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
Duration: 30 milli seconds
Severity:
1
Title:
Unix User List
QID:
105085
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/12/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
This report section catalogs the users found on the host system.
IMPACT:
Make sure that the user list adheres to your security policy, so it's not possible for unauthorized users to launch attacks from the host.
SOLUTION:
Remove or modify users to comply with your security policy.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Severity:
1
Title:
"At" Command Configuration
QID:
105143
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/22/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The "At" command allows users to run executables on the system at arbitrary future times. Depending on site policy, this could be considered as a security threat.

The superuser may use these commands in any case. For other users, permission to use the "at" command is determined by the files /etc/at.allow and /etc/at.deny.

If the file /etc/at.allow exists, only usernames mentioned in the file are allowed to use the "at" command. If /etc/at.allow does not exist, /etc/at.deny is checked, and every username not mentioned in it is then allowed to use the "at" command. If neither file exists, only the superuser is allowed use of the "at" command. An empty /etc/at.deny means that all users are allowed access. This is the default configuration.

Note: The Results section is formatted in the following way: It first lists the "ls -la" permissions of any /etc/at.allow or /etc/at.deny files on the target. If present, the contents of the files are "cat"ed (at.deny is typically empty, so it will show up as white space). If the "ls -la" line and the contents of the corresponding file are not shown, it means the file does not exist on the target.

IMPACT:
N/A
SOLUTION:
Please check the configuration to ensure only authorized users of the system have access to the "at" command.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
-rw------- 1 root root 1 Nov 16 2009 /etc/at.deny
Severity:
1
Title:
Linux - Network Parameter - tcp_max_syn_backlog Value
QID:
105301
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/01/2006
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The value specifies the maximum number of remembered connection requests which have not yet received an acknowledgment from the connecting client.
IMPACT:
N/A
SOLUTION:
The Center for Internet Security recommends that the value be set to 4096.

This value can be set in Linux by editing /etc/sysctl.conf to reflect the following:
net.ipv4.tcp_max_syn_backlog = 4096

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
1024
Severity:
1
Title:
Linux - Network Parameter - rp_filter Value
QID:
105302
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/11/2006
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The rp_filter can reject incoming packets if their source address doesn't match the network interface that they're arriving on.

The conf/all/rp_filter value is boolean:

0 - No source validation.

1 - Do source validation.

IMPACT:
If source validation is enabled this helps to prevent IP spoofing.
SOLUTION:
The Center for Internet Security recommends that the value be set to 1.

This value can be set in Linux by editing /etc/sysctl.conf to reflect the following:
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
/proc/sys/net/ipv4/conf/all/rp_filter:0
Severity:
1
Title:
Linux - Network Parameter - accept_source_route Value
QID:
105303
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/11/2006
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The accept_source_route value specifies how to handle packets with the SSR option set.

The conf/all/accept_source_route value is boolean:

0 - Do not accept packets

1 - Accept packets

IMPACT:
N/A
SOLUTION:
The Center for Internet Security recommends that the value be set to 0.

This value can be set in Linux by editing /etc/sysctl.conf to reflect the following:
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
No results available
Severity:
1
Title:
Linux - Network Parameter - accept_redirects Value
QID:
105304
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/11/2006
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The accept_redirects variable specifies if the system should accept ICMP redirect messages.

The conf/all/accept_redirects value is boolean:

0 - Do not accept ICMP redirect messages.

1 - Accept ICMP redirect messages.

IMPACT:
N/A
SOLUTION:
The Center for Internet Security recommends that the value be set to 0.

This value can be set in Linux by editing /etc/sysctl.conf to reflect the following:
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
/proc/sys/net/ipv4/conf/all/accept_redirects:1
/proc/sys/net/ipv4/conf/default/accept_redirects:1
/proc/sys/net/ipv4/conf/eth0/accept_redirects:1
Severity:
1
Title:
Linux - Network Parameter - secure_redirects Value
QID:
105306
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/11/2006
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The secure_redirects variable specifies if the system should accept ICMP redirect messages from any host, anywhere.

The conf/all/secure_redirects value is boolean:

0 - Accept ICMP redirect messages from any host.

1 - Accept ICMP redirect messages from gateways listed in default gateway list.

IMPACT:
N/A
SOLUTION:
The Center for Internet Security recommends that the value be set to 0.

This value can be set in Linux by editing /etc/sysctl.conf to reflect the following:
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
/proc/sys/net/ipv4/conf/all/secure_redirects:1
/proc/sys/net/ipv4/conf/default/secure_redirects:1
/proc/sys/net/ipv4/conf/eth0/secure_redirects:1
Severity:
1
Title:
Unix Environment Variables
QID:
115041
Category:
Local
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/10/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The result section shows environment variables on the target machine.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
rvm_bin_path=/usr/local/rvm/bin
HOSTNAME=mail.schsr.unc.edu
GEM_HOME=/usr/local/rvm/gems/ruby-1.9.3-p194
TERM=vt100
SHELL=/bin/bash
HISTSIZE=1000
IRBRC=/usr/local/rvm/rubies/ruby-1.9.3-p194/.irbrc
SSH_CLIENT=152.2.20.88 52930 22
MY_RUBY_HOME=/usr/local/rvm/rubies/ruby-1.9.3-p194
SSH_TTY=/dev/pts/0
USER=monitor
LS_COLORS=no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=01;05;37;41:mi=01;05;37;41:ex=01;32:*.cmd=01;32:*.exe=01;32:*.com=01;32:*.btm=01;32:*.bat=01;32:*.sh=01;32:*.csh=01;32:*.tar=01;31:*.tgz=01;31:*.arj=01;31:*.taz=01;31:*.lzh=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.gz=01;31:*.bz2=01;31:*.bz=01;31:*.tz=01;31:*.rpm=01;31:*.cpio=01;31:*.jpg=01;35:*.gif=01;35:*.bmp=01;35:*.xbm=01;35:*.xpm=01;35:*.png=01;35:*.tif=01;35:
__array_start=0
rvm_path=/usr/local/rvm
escape_flag=1
rvm_prefix=/usr/local
MAIL=/var/spool/mail/monitor
PATH=/usr/local/rvm/gems/ruby-1.9.3-p194/bin:/usr/local/rvm/gems/ruby-1.9.3-p194@global/bin:/usr/local/rvm/rubies/ruby-1.9.3-p194/bin:/usr/local/rvm/bin:/usr/kerberos/bin:/usr/local/bin:/bin:/usr/bin:/mnt/files/users/monitor/bin:/sbin:/usr/sbin:/usr/local/sbin
INPUTRC=/etc/inputrc
PWD=/mnt/files/users/monitor
LANG=en_US.UTF-8
_second=1
rvm_env_string=ruby-1.9.3-p194
SSH_ASKPASS=/usr/libexec/openssh/gnome-ssh-askpass
rvm_version=1.16.6 (stable)
SHLVL=1
HOME=/mnt/files/users/monitor
rvm_ruby_string=ruby-1.9.3-p194
ORIG_PATH=/usr/local/rvm/gems/ruby-1.9.3-p194/bin:/usr/local/rvm/gems/ruby-1.9.3-p194@global/bin:/usr/local/rvm/rubies/ruby-1.9.3-p194/bin:/usr/local/rvm/bin:/usr/kerberos/bin:/usr/local/bin:/bin:/usr/bin:/mnt/files/users/monitor/bin
_first=0
LOGNAME=monitor
GEM_PATH=/usr/local/rvm/gems/ruby-1.9.3-p194:/usr/local/rvm/gems/ruby-1.9.3-p194@global
SSH_CONNECTION=152.2.20.88 52930 152.2.35.114 22
LESSOPEN=|/usr/bin/lesspipe.sh %s
RUBY_VERSION=ruby-1.9.3-p194
G_BROKEN_FILENAMES=1
_=/usr/bin/env
Severity:
1
Title:
File System Information
QID:
115044
Category:
Local
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/10/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The result section lists file systems currently supported by the target host.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
nodev sysfs
nodev rootfs
nodev bdev
nodev proc
nodev cpuset
nodev binfmt_misc
nodev debugfs
nodev securityfs
nodev sockfs
nodev usbfs
nodev pipefs
nodev anon_inodefs
nodev futexfs
nodev tmpfs
nodev inotifyfs
nodev eventpollfs
nodev devpts
ext2
nodev ramfs
iso9660
nodev mqueue
ext3
nodev rpc_pipefs
nodev autofs
Severity:
1
Title:
Hard Drive Device Information
QID:
115045
Category:
Local
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/10/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The results section displays the target system's current hard drives.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
/dev/VolGroup00/LogVol00 / ext3 defaults 1 1
LABEL=/boot /boot ext3 defaults 1 2
tmpfs /dev/shm tmpfs defaults 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0
sysfs /sys sysfs defaults 0 0
proc /proc proc defaults 0 0
/dev/VolGroup00/LogVol01 swap swap defaults 0 0
/dev/xvdb1 /mnt/mail ext3 defaults 1 0
Severity:
1
Title:
Disk Usage Information
QID:
115046
Category:
Local
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/10/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The result section shows the amount of free space left on currently mounted drives.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/mapper/VolGroup00-LogVol00
15109112 7337280 6991956 52% /
/dev/xvda1 101086 36681 59186 39% /boot
tmpfs 768092 0 768092 0% /dev/shm
/dev/xvdb1 785309856 458367840 286406976 62% /mnt/mail
Severity:
1
Title:
Processor Information for Unix Target
QID:
115048
Category:
Local
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
11/02/2006
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The result section displays the processor information of the Unix based host system.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 23
model name : Intel(R) Xeon(R) CPU E5430 @ 266GHz
stepping : 10
cpu MHz : 2660026
cache size : 6144 KB
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 10
wp : yes
flags : fpu tsc msr pae cx8 apic cmov pat clflush mmx fxsr sse sse2 ss nx constant_tsc pni vmx ssse3 sse4_1
bogomips : 665217

processor : 1
vendor_id : GenuineIntel
cpu family : 6
model : 23
model name : Intel(R) Xeon(R) CPU E5430 @ 266GHz
stepping : 10
cpu MHz : 2660026
cache size : 6144 KB
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 10
wp : yes
flags : fpu tsc msr pae cx8 apic cmov pat clflush mmx fxsr sse sse2 ss nx constant_tsc up pni vmx ssse3 sse4_1
bogomips : 665217
Severity:
1
Title:
Memory Information
QID:
115049
Category:
Local
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/22/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The results section shows the total amount of free and used physical memory and swap space on the host system in megabytes. It also shows buffers and cache consumed by the kernel.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
total used free shared buffers cached
Mem: 1500 1433 66 0 352 512
-/+ buffers/cache: 568 931
Swap: 1023 0 1023
Total: 2524 1434 1090
Severity:
1
Title:
cron.allow File Does Not Exist
QID:
115065
Category:
Local
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
06/23/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The "cron.allow" file was not found on this system.

The cron daemon runs shell commands at specified dates and times. It is executed upon system initialization and remains active while the system is operating in multi-user mode.

When the crontab command is invoked, it examines the files "cron.deny" and "cron.allow" in the system's cron directory to grant or revoke the modification of the crontab spool file. If a username appears in the "cron.allow" file, the crontab command may be executed. If that file does not exist and the user's name does not appear in the "cron.deny" file, then cron can be used.

IMPACT:
cron can potentially be invoked by users for whom it is not intended.
SOLUTION:
Check to be sure that the absence of the "cron.allow" file is in compliance with your organization's security policy.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
No results available
Severity:
1
Title:
daemon.notice Entry Missing in syslog.conf
QID:
115068
Category:
Local
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
07/19/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The file /etc/syslog.conf contains information used by the system log daemon (syslogd) to forward a system message to appropriate log files and/or users. An entry of the form:

daemon.notice[Tab]logfile

ensures that all conditions involving daemons (such as ftpd) that are not error conditions are logged in a logfile. This entry was found to be missing from the syslog.conf file.

IMPACT:
N/A
SOLUTION:
Ensure that the absence of the daemon.notice entry is in compliance with your organization's security policy.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
*.info;mail.none;authpriv.none;cron.none /var/log/messages

authpriv.* /var/log/secure

mail.* -/var/log/mail/maillog


cron.* /var/log/cron

*.emerg *

uucp,news.crit /var/log/spooler

local7.debug /var/log/boot.log
Expand Severity Title Port/Service
1
Kernel Routing Tables Information
QID:
125000
Category:
Forensics
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
02/22/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The result section displays the kernel routing tables for the target host.
IMPACT:
N/A
SOLUTION:
Check to be sure that the information reported adheres to your security policy.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
152.2.35.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
0.0.0.0 152.2.35.1 0.0.0.0 UG 0 0 0 eth0
Expand Severity Title Port/Service
1
Host File Information
QID:
125004
Category:
Forensics
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
08/08/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The /etc/hosts file is a local database that associates the names of hosts with their Internet Protocol (IP) addresses. The hosts file can be used in conjunction with, or instead of, other hosts databases including the Domain Name System (DNS), the NIS hosts map, and the NIS+ hosts table. Programs use library interfaces to access information in the hosts file.
IMPACT:
The /etc/hosts file can be tampered with in such a way that a hostname is translated into a malicious IP.
SOLUTION:
Make sure that the configuration reported adheres to your security policy.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
152.2.35.42 schectman.schsr.unc.edu schectman s42 mail_dev
152.2.35.114 mail.schsr.unc.edu mail
152.2.35.61 web1.schsr.unc.edu s61.schsr.unc.edu s61 web1
152.2.1.5 krb0.unc.edu
152.2.1.6 krb1.unc.edu
152.2.1.7 krb2.unc.edu
152.2.1.4 krba.unc.edu
152.2.35.103 s103.schsr.unc.edu
Expand Severity Title Port/Service
1
SSL Server Information Retrieval port 25/tcp over SSL
QID:
38116
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
07/28/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:

The following is a list of supported SSL ciphers. Note: If a cipher is included in this list, it means that it was possible to establish an SSL connection using that cipher. Some web server setups allow connections to be established using a LOW grade cipher, only to provide a web page stating that the URL is accessible only through a non-LOW grade cipher. In this case, even though the LOW grade cipher will be listed here, QID 38140 will not be reported.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
SSLv2 PROTOCOL IS DISABLED
SSLv3 PROTOCOL IS ENABLED
SSLv3 COMPRESSION METHOD None
DHE-RSA-AES256-SHA DH RSA SHA1 AES(256) HIGH
AES256-SHA RSA RSA SHA1 AES(256) HIGH
EDH-RSA-DES-CBC3-SHA DH RSA SHA1 3DES(168) HIGH
DES-CBC3-SHA RSA RSA SHA1 3DES(168) HIGH
DHE-RSA-AES128-SHA DH RSA SHA1 AES(128) MEDIUM
AES128-SHA RSA RSA SHA1 AES(128) MEDIUM
RC4-SHA RSA RSA SHA1 RC4(128) MEDIUM
RC4-MD5 RSA RSA MD5 RC4(128) MEDIUM
EDH-RSA-DES-CBC-SHA DH RSA SHA1 DES(56) LOW
DES-CBC-SHA RSA RSA SHA1 DES(56) LOW
EXP-EDH-RSA-DES-CBC-SHA DH(512) RSA SHA1 DES(40) LOW
EXP-DES-CBC-SHA RSA(512) RSA SHA1 DES(40) LOW
EXP-RC2-CBC-MD5 RSA(512) RSA MD5 RC2(40) LOW
EXP-RC4-MD5 RSA(512) RSA MD5 RC4(40) LOW
TLSv1 PROTOCOL IS ENABLED
TLSv1 COMPRESSION METHOD None
DHE-RSA-AES256-SHA DH RSA SHA1 AES(256) HIGH
AES256-SHA RSA RSA SHA1 AES(256) HIGH
EDH-RSA-DES-CBC3-SHA DH RSA SHA1 3DES(168) HIGH
DES-CBC3-SHA RSA RSA SHA1 3DES(168) HIGH
DHE-RSA-AES128-SHA DH RSA SHA1 AES(128) MEDIUM
AES128-SHA RSA RSA SHA1 AES(128) MEDIUM
RC4-SHA RSA RSA SHA1 RC4(128) MEDIUM
RC4-MD5 RSA RSA MD5 RC4(128) MEDIUM
EDH-RSA-DES-CBC-SHA DH RSA SHA1 DES(56) LOW
DES-CBC-SHA RSA RSA SHA1 DES(56) LOW
EXP-EDH-RSA-DES-CBC-SHA DH(512) RSA SHA1 DES(40) LOW
EXP-DES-CBC-SHA RSA(512) RSA SHA1 DES(40) LOW
EXP-RC2-CBC-MD5 RSA(512) RSA MD5 RC2(40) LOW
EXP-RC4-MD5 RSA(512) RSA MD5 RC4(40) LOW
Expand Severity Title Port/Service
1
SSL Session Caching Information port 25/tcp over SSL
QID:
38291
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
09/16/2004
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
An SSL session is a collection of security parameters that are negotiated by the SSL client and server for each SSL connection. SSL session caching is intended to reduce the overhead of negotiations in recurring SSL connections. SSL sessions can be reused to resume an earlier connection or to establish multiple simultaneous connections. The client suggests an SSL session to be reused by identifying the session with a Session-ID during the SSL handshake. If the server finds it appropriate to reuse the session, then they both proceed to secure communication with already known security parameters.

This test determines if SSL session caching is enabled on the host.

IMPACT:
SSL session caching is part of the SSL and TLS protocols and is not a security threat. The result of this test is for informational purposes only.
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
SSLv3 session caching is disabled on the target.
TLSv1 session caching is disabled on the target.
Expand Severity Title Port/Service
1
TLS Secure Renegotiation Extension Supported port 25/tcp over SSL
QID:
42350
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
12/01/2011
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Secure Socket Layer (SSL) and Transport Layer Security (TLS) renegotiation are vulnerable to an attack in which the attacker forms a TLS connection with the target server, injects content of his choice, and then splices in a new TLS connection from a client. The server treats the client's initial TLS handshake as a renegotiation and thus believes that the initial data transmitted by the attacker is from the same entity as the subsequent client data. The TLS protocol was extended to cryptographically tie renegotiations to the TLS connections they are being performed over. This is referred to as the TLS secure renegotiation extension. This detection determines whether the TLS secure renegotiation extension is supported by the server or not.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
TLS Secure Renegotiation Extension Status: supported.
Expand Severity Title Port/Service
1
SSL Certificate - Information port 25/tcp over SSL
QID:
86002
Category:
Web server
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/23/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
NAME VALUE
(0)CERTIFICATE 0
(0)Version 3 (0x2)
(0)Serial Number 1276797857 (0x4c1a63a1)
(0)Signature Algorithm sha1WithRSAEncryption
(0)ISSUER NAME
countryName US
organizationName "Entrust, Inc."
organizationalUnitName www.entrust.net/rpa is incorporated by reference
organizationalUnitName "(c) 2009 Entrust, Inc."
commonName Entrust Certification Authority - L1C
(0)SUBJECT NAME
countryName US
stateOrProvinceName North Carolina
localityName Chapel Hill
organizationName University of North Carolina at Chapel Hill
organizationalUnitName Cecil G. Sheps Center for Health Services Research
commonName mail.schsr.unc.edu
(0)Valid From May 18 19:54:13 2011 GMT
(0)Valid Till Jul 19 10:22:09 2015 GMT
(0)Public Key Algorithm rsaEncryption
(0)RSA Public Key (2048 bit)
(0) Public-Key: (2048 bit)
(0) Modulus:
(0) Exponent: 65537 (0x10001)
(0)X509v3 EXTENSIONS
(0)X509v3 Key Usage Digital Signature, Key Encipherment
(0)X509v3 Extended Key Usage TLS Web Server Authentication
(0)X509v3 CRL Distribution Points
(0) Full Name:
(0) URI:http://crl.entrust.net/level1c.crl
(0)Authority Information Access OCSP - URI:http://ocsp.entrust.net
(0)X509v3 Certificate Policies Policy: 1.2.840.113533.7.75.2
(0) CPS: http://www.entrust.net/rpa
(0)X509v3 Authority Key Identifier keyid:1E:F1:AB:89:06:F8:49:0F:01:33:77:EE:14:7A:EE:19:7C:93:28:4D
(0)X509v3 Subject Key Identifier D8:71:72:86:61:37:2E:90:E7:80:0E:0A:42:8F:8A:15:83:E1:A6:A8
(0)X509v3 Basic Constraints CA:FALSE
(0)Signature(256 octets)
Expand Severity Title Port/Service
1
SSH daemon information retrieving port 22/tcp
QID:
38047
Category:
General remote services
CVE ID:
CVE-1999-0634
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
04/21/2009
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
SSH is a secure protocol, provided it is fully patched, properly configured, and uses FIPS approved algorithms.


For Red Hat ES 4:-

SSH1 supported					yes

Supported authentification methods for SSH1	RSA,password

Supported ciphers for SSH1			3des,blowfish

SSH2 supported					yes

Supported keys exchange algorithm for SSH2	diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

Supported decryption ciphers for SSH2		aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr

Supported encryption ciphers for SSH2		aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr

Supported decryption mac for SSH2		hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

Supported encryption mac for SSH2		hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

Supported authentification methods for SSH2	publickey,gssapi-with-mic,password

IMPACT:
Successful exploitation allows an attacker to execute arbitrary commands on the SSH server or otherwise subvert an encrypted SSH channel with arbitrary data.
SOLUTION:
SSH version 2 is preferred over SSH version 1.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
SSH1 supported: no
SSH2 supported: yes
Supported keys exchange algorithm for SSH2: diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1
Supported decryption ciphers for SSH2: aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se
Supported encryption ciphers for SSH2: aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se
Supported decryption mac for SSH2: hmac-md5, hmac-sha1, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-sha1-96, hmac-md5-96
Supported encryption mac for SSH2: hmac-md5, hmac-sha1, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-sha1-96, hmac-md5-96
Supported authentication methods for SSH2: password, publickey
Expand Severity Title Port/Service
1
SSH Banner port 22/tcp
QID:
38050
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
02/04/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
SSH-2.0-OpenSSH_4.3
Expand Severity Title Port/Service
1
Unix Authentication Method port 22/tcp
QID:
38307
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
09/06/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Unix authentication was performed. The Result section in your detailed results displays the authentication method that was used for this host.

Unix authentication is used to obtain remote access to different command line services such as SSH, telnet and rlogin. Specified credentials must include a user name and may include a password, an RSA private key and/or a DSA private key. When authenticating to target hosts that support SSH2, authentication is attempted in the following order: 1) RSA key, 2) DSA key and 3) user name and password. For target hosts that only support SSH1, only the supplied user name and password are used for authentication.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
User Name: monitor
Authentication Scheme: DSA Key
Protocol: SSH Version 2
Discovery Method: Login credentials provided by user
Using sudo: No
Authentication Record: DSA Authentication
Expand Severity Title Port/Service
1
SSL Server Information Retrieval port 993/tcp over SSL
QID:
38116
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
07/28/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:

The following is a list of supported SSL ciphers. Note: If a cipher is included in this list, it means that it was possible to establish an SSL connection using that cipher. Some web server setups allow connections to be established using a LOW grade cipher, only to provide a web page stating that the URL is accessible only through a non-LOW grade cipher. In this case, even though the LOW grade cipher will be listed here, QID 38140 will not be reported.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
CIPHER KEY-EXCHANGE AUTHENTICATION MAC ENCRYPTION(KEY-STRENGTH) GRADE
SSLv2 PROTOCOL IS ENABLED
DES-CBC3-MD5 RSA RSA MD5 3DES(168) HIGH
RC4-MD5 RSA RSA MD5 RC4(128) MEDIUM
RC2-CBC-MD5 RSA RSA MD5 RC2(128) MEDIUM
EXP-RC4-MD5 RSA(512) RSA MD5 RC4(40) LOW
EXP-RC2-CBC-MD5 RSA(512) RSA MD5 RC2(40) LOW
DES-CBC-MD5 RSA RSA MD5 DES(56) LOW
SSLv3 PROTOCOL IS ENABLED
SSLv3 COMPRESSION METHOD None
DES-CBC3-MD5 RSA RSA MD5 3DES(168) HIGH
RC4-MD5 RSA RSA MD5 RC4(128) MEDIUM
RC2-CBC-MD5 RSA RSA MD5 RC2(128) MEDIUM
EXP-RC4-MD5 RSA(512) RSA MD5 RC4(40) LOW
EXP-RC2-CBC-MD5 RSA(512) RSA MD5 RC2(40) LOW
DES-CBC-MD5 RSA RSA MD5 DES(56) LOW
AES256-SHA RSA RSA SHA1 AES(256) HIGH
DES-CBC3-SHA RSA RSA SHA1 3DES(168) HIGH
AES128-SHA RSA RSA SHA1 AES(128) MEDIUM
RC4-SHA RSA RSA SHA1 RC4(128) MEDIUM
DES-CBC-SHA RSA RSA SHA1 DES(56) LOW
EXP-DES-CBC-SHA RSA(512) RSA SHA1 DES(40) LOW
TLSv1 PROTOCOL IS ENABLED
TLSv1 COMPRESSION METHOD None
DES-CBC3-MD5 RSA RSA MD5 3DES(168) HIGH
RC4-MD5 RSA RSA MD5 RC4(128) MEDIUM
RC2-CBC-MD5 RSA RSA MD5 RC2(128) MEDIUM
EXP-RC4-MD5 RSA(512) RSA MD5 RC4(40) LOW
EXP-RC2-CBC-MD5 RSA(512) RSA MD5 RC2(40) LOW
DES-CBC-MD5 RSA RSA MD5 DES(56) LOW
AES256-SHA RSA RSA SHA1 AES(256) HIGH
DES-CBC3-SHA RSA RSA SHA1 3DES(168) HIGH
AES128-SHA RSA RSA SHA1 AES(128) MEDIUM
RC4-SHA RSA RSA SHA1 RC4(128) MEDIUM
DES-CBC-SHA RSA RSA SHA1 DES(56) LOW
EXP-DES-CBC-SHA RSA(512) RSA SHA1 DES(40) LOW
Expand Severity Title Port/Service
1
SSL Session Caching Information port 993/tcp over SSL
QID:
38291
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
09/16/2004
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
An SSL session is a collection of security parameters that are negotiated by the SSL client and server for each SSL connection. SSL session caching is intended to reduce the overhead of negotiations in recurring SSL connections. SSL sessions can be reused to resume an earlier connection or to establish multiple simultaneous connections. The client suggests an SSL session to be reused by identifying the session with a Session-ID during the SSL handshake. If the server finds it appropriate to reuse the session, then they both proceed to secure communication with already known security parameters.

This test determines if SSL session caching is enabled on the host.

IMPACT:
SSL session caching is part of the SSL and TLS protocols and is not a security threat. The result of this test is for informational purposes only.
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
SSLv3 session caching is disabled on the target.
TLSv1 session caching is disabled on the target.
Expand Severity Title Port/Service
1
SSL/TLS invalid protocol version tolerance port 993/tcp over SSL
QID:
38597
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
02/13/2012
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
SSL/TLS protocols have different versions that can be supported by both the client and the server. This test sends invalid protocol versions to the target in order to determine the target's behavior. The results section contains a table showing the target's response to each of our tests.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
my version | target version
0304 | 0301
0399 | 0301
0400 | rejected
0499 | rejected
Expand Severity Title Port/Service
1
TLS Secure Renegotiation Extension Supported port 993/tcp over SSL
QID:
42350
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
12/01/2011
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Secure Socket Layer (SSL) and Transport Layer Security (TLS) renegotiation are vulnerable to an attack in which the attacker forms a TLS connection with the target server, injects content of his choice, and then splices in a new TLS connection from a client. The server treats the client's initial TLS handshake as a renegotiation and thus believes that the initial data transmitted by the attacker is from the same entity as the subsequent client data. The TLS protocol was extended to cryptographically tie renegotiations to the TLS connections they are being performed over. This is referred to as the TLS secure renegotiation extension. This detection determines whether the TLS secure renegotiation extension is supported by the server or not.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
TLS Secure Renegotiation Extension Status: supported.
Expand Severity Title Port/Service
1
SSL Certificate - Information port 993/tcp over SSL
QID:
86002
Category:
Web server
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/23/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
NAME VALUE
(0)CERTIFICATE 0
(0)Version 3 (0x2)
(0)Serial Number 1276797857 (0x4c1a63a1)
(0)Signature Algorithm sha1WithRSAEncryption
(0)ISSUER NAME
countryName US
organizationName "Entrust, Inc."
organizationalUnitName www.entrust.net/rpa is incorporated by reference
organizationalUnitName "(c) 2009 Entrust, Inc."
commonName Entrust Certification Authority - L1C
(0)SUBJECT NAME
countryName US
stateOrProvinceName North Carolina
localityName Chapel Hill
organizationName University of North Carolina at Chapel Hill
organizationalUnitName Cecil G. Sheps Center for Health Services Research
commonName mail.schsr.unc.edu
(0)Valid From May 18 19:54:13 2011 GMT
(0)Valid Till Jul 19 10:22:09 2015 GMT
(0)Public Key Algorithm rsaEncryption
(0)RSA Public Key (2048 bit)
(0) Public-Key: (2048 bit)
(0) Modulus:
(0) Exponent: 65537 (0x10001)
(0)X509v3 EXTENSIONS
(0)X509v3 Key Usage Digital Signature, Key Encipherment
(0)X509v3 Extended Key Usage TLS Web Server Authentication
(0)X509v3 CRL Distribution Points
(0) Full Name:
(0) URI:http://crl.entrust.net/level1c.crl
(0)Authority Information Access OCSP - URI:http://ocsp.entrust.net
(0)X509v3 Certificate Policies Policy: 1.2.840.113533.7.75.2
(0) CPS: http://www.entrust.net/rpa
(0)X509v3 Authority Key Identifier keyid:1E:F1:AB:89:06:F8:49:0F:01:33:77:EE:14:7A:EE:19:7C:93:28:4D
(0)X509v3 Subject Key Identifier D8:71:72:86:61:37:2E:90:E7:80:0E:0A:42:8F:8A:15:83:E1:A6:A8
(0)X509v3 Basic Constraints CA:FALSE
(0)Signature(256 octets)
(1)CERTIFICATE 1
(1)Version 3 (0x2)
(1)Serial Number 946072060 (0x3863e9fc)
(1)Signature Algorithm sha1WithRSAEncryption
(1)ISSUER NAME
organizationName Entrust.net
organizationalUnitName www.entrust.net/CPS 2048 incorp. by ref. (limits liab.)
organizationalUnitName (c) 1999 Entrust.net Limited
commonName Entrust.net Certification Authority (2048)
(1)SUBJECT NAME
countryName US
organizationName "Entrust, Inc."
organizationalUnitName www.entrust.net/rpa is incorporated by reference
organizationalUnitName "(c) 2009 Entrust, Inc."
commonName Entrust Certification Authority - L1C
(1)Valid From Dec 10 20:43:54 2009 GMT
(1)Valid Till Dec 10 21:13:54 2019 GMT
(1)Public Key Algorithm rsaEncryption
(1)RSA Public Key (2048 bit)
(1) Public-Key: (2048 bit)
(1) Modulus:
(1) Exponent: 65537 (0x10001)
(1)X509v3 EXTENSIONS
(1)X509v3 Key Usage critical
(1) Certificate Sign, CRL Sign
(1)X509v3 Basic Constraints critical
(1) CA:TRUE
(1)Authority Information Access OCSP - URI:http://ocsp.entrust.net
(1)X509v3 CRL Distribution Points
(1) Full Name:
(1) URI:http://crl.entrust.net/2048ca.crl
(1)X509v3 Certificate Policies Policy: X509v3 Any Policy
(1) CPS: http://www.entrust.net/rpa
(1)X509v3 Subject Key Identifier 1E:F1:AB:89:06:F8:49:0F:01:33:77:EE:14:7A:EE:19:7C:93:28:4D
(1)X509v3 Authority Key Identifier keyid:55:E4:81:D1:11:80:BE:D8:89:B9:08:A3:31:F9:A1:24:09:16:B9:70
(1)Signature(256 octets)
(2)CERTIFICATE 2
(2)Version 3 (0x2)
(2)Serial Number 946069240 (0x3863def8)
(2)Signature Algorithm sha1WithRSAEncryption
(2)ISSUER NAME
organizationName Entrust.net
organizationalUnitName www.entrust.net/CPS 2048 incorp. by ref. (limits liab.)
organizationalUnitName (c) 1999 Entrust.net Limited
commonName Entrust.net Certification Authority (2048)
(2)SUBJECT NAME
organizationName Entrust.net
organizationalUnitName www.entrust.net/CPS 2048 incorp. by ref. (limits liab.)
organizationalUnitName (c) 1999 Entrust.net Limited
commonName Entrust.net Certification Authority (2048)
(2)Valid From Dec 24 17:50:51 1999 GMT
(2)Valid Till Jul 24 14:15:12 2029 GMT
(2)Public Key Algorithm rsaEncryption
(2)RSA Public Key (2048 bit)
(2) Public-Key: (2048 bit)
(2) Modulus:
(2) Exponent: 65537 (0x10001)
(2)X509v3 EXTENSIONS
(2)X509v3 Key Usage critical
(2) Certificate Sign, CRL Sign
(2)X509v3 Basic Constraints critical
(2) CA:TRUE
(2)X509v3 Subject Key Identifier 55:E4:81:D1:11:80:BE:D8:89:B9:08:A3:31:F9:A1:24:09:16:B9:70
(2)Signature(256 octets)
Expand Severity Title Port/Service
1
SSL Server Information Retrieval port 465/tcp over SSL
QID:
38116
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
07/28/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:

The following is a list of supported SSL ciphers. Note: If a cipher is included in this list, it means that it was possible to establish an SSL connection using that cipher. Some web server setups allow connections to be established using a LOW grade cipher, only to provide a web page stating that the URL is accessible only through a non-LOW grade cipher. In this case, even though the LOW grade cipher will be listed here, QID 38140 will not be reported.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
SSLv2 PROTOCOL IS DISABLED
SSLv3 PROTOCOL IS ENABLED
SSLv3 COMPRESSION METHOD None
DHE-RSA-AES256-SHA DH RSA SHA1 AES(256) HIGH
AES256-SHA RSA RSA SHA1 AES(256) HIGH
EDH-RSA-DES-CBC3-SHA DH RSA SHA1 3DES(168) HIGH
DES-CBC3-SHA RSA RSA SHA1 3DES(168) HIGH
DHE-RSA-AES128-SHA DH RSA SHA1 AES(128) MEDIUM
AES128-SHA RSA RSA SHA1 AES(128) MEDIUM
RC4-SHA RSA RSA SHA1 RC4(128) MEDIUM
RC4-MD5 RSA RSA MD5 RC4(128) MEDIUM
EDH-RSA-DES-CBC-SHA DH RSA SHA1 DES(56) LOW
DES-CBC-SHA RSA RSA SHA1 DES(56) LOW
EXP-EDH-RSA-DES-CBC-SHA DH(512) RSA SHA1 DES(40) LOW
EXP-DES-CBC-SHA RSA(512) RSA SHA1 DES(40) LOW
EXP-RC2-CBC-MD5 RSA(512) RSA MD5 RC2(40) LOW
EXP-RC4-MD5 RSA(512) RSA MD5 RC4(40) LOW
TLSv1 PROTOCOL IS ENABLED
TLSv1 COMPRESSION METHOD None
DHE-RSA-AES256-SHA DH RSA SHA1 AES(256) HIGH
AES256-SHA RSA RSA SHA1 AES(256) HIGH
EDH-RSA-DES-CBC3-SHA DH RSA SHA1 3DES(168) HIGH
DES-CBC3-SHA RSA RSA SHA1 3DES(168) HIGH
DHE-RSA-AES128-SHA DH RSA SHA1 AES(128) MEDIUM
AES128-SHA RSA RSA SHA1 AES(128) MEDIUM
RC4-SHA RSA RSA SHA1 RC4(128) MEDIUM
RC4-MD5 RSA RSA MD5 RC4(128) MEDIUM
EDH-RSA-DES-CBC-SHA DH RSA SHA1 DES(56) LOW
DES-CBC-SHA RSA RSA SHA1 DES(56) LOW
EXP-EDH-RSA-DES-CBC-SHA DH(512) RSA SHA1 DES(40) LOW
EXP-DES-CBC-SHA RSA(512) RSA SHA1 DES(40) LOW
EXP-RC2-CBC-MD5 RSA(512) RSA MD5 RC2(40) LOW
EXP-RC4-MD5 RSA(512) RSA MD5 RC4(40) LOW
Expand Severity Title Port/Service
1
SSL Session Caching Information port 465/tcp over SSL
QID:
38291
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
09/16/2004
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
An SSL session is a collection of security parameters that are negotiated by the SSL client and server for each SSL connection. SSL session caching is intended to reduce the overhead of negotiations in recurring SSL connections. SSL sessions can be reused to resume an earlier connection or to establish multiple simultaneous connections. The client suggests an SSL session to be reused by identifying the session with a Session-ID during the SSL handshake. If the server finds it appropriate to reuse the session, then they both proceed to secure communication with the already known security parameters.

This test determines if SSL session caching is enabled on the host.

IMPACT:
SSL session caching is part of the SSL and TLS protocols and is not a security threat. The result of this test is for informational purposes only.
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
SSLv3 session caching is disabled on the target.
TLSv1 session caching is disabled on the target.
Expand Severity Title Port/Service
1
SSL/TLS invalid protocol version tolerance port 465/tcp over SSL
QID:
38597
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
02/13/2012
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
SSL/TLS protocols have different versions that can be supported by both the client and the server. This test attempts to send invalid protocol versions to the target in order to find out how the target behaves. The results section contains a table that indicates the target's response to each of our tests.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
my version  target version
0304        0301
0399        0301
0400        rejected
0499        rejected
Expand Severity Title Port/Service
1
TLS Secure Renegotiation Extension Supported port 465/tcp over SSL
QID:
42350
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
12/01/2011
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Secure Socket Layer (SSL) and Transport Layer Security (TLS) renegotiation are vulnerable to an attack in which the attacker forms a TLS connection with the target server, injects content of his choice, and then splices in a new TLS connection from a client. The server treats the client's initial TLS handshake as a renegotiation and thus believes that the initial data transmitted by the attacker is from the same entity as the subsequent client data. The TLS protocol was extended to cryptographically tie renegotiations to the TLS connections they are being performed over. This is referred to as the TLS secure renegotiation extension. This detection determines whether the TLS secure renegotiation extension is supported by the server or not.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
TLS Secure Renegotiation Extension Status: supported.
Expand Severity Title Port/Service
1
SSL Certificate - Information port 465/tcp over SSL
QID:
86002
Category:
Web server
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/23/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
NAME                                VALUE
(0)CERTIFICATE 0
(0)Version                          3 (0x2)
(0)Serial Number                    1276797857 (0x4c1a63a1)
(0)Signature Algorithm              sha1WithRSAEncryption
(0)ISSUER NAME
countryName                         US
organizationName                    "Entrust, Inc."
organizationalUnitName              www.entrust.net/rpa is incorporated by reference
organizationalUnitName              "(c) 2009 Entrust, Inc."
commonName                          Entrust Certification Authority - L1C
(0)SUBJECT NAME
countryName                         US
stateOrProvinceName                 North Carolina
localityName                        Chapel Hill
organizationName                    University of North Carolina at Chapel Hill
organizationalUnitName              Cecil G. Sheps Center for Health Services Research
commonName                          mail.schsr.unc.edu
(0)Valid From                       May 18 19:54:13 2011 GMT
(0)Valid Till                       Jul 19 10:22:09 2015 GMT
(0)Public Key Algorithm             rsaEncryption
(0)RSA Public Key                   (2048 bit)
(0)                                 Public-Key: (2048 bit)
(0)                                 Modulus:
(0)                                 Exponent: 65537 (0x10001)
(0)X509v3 EXTENSIONS
(0)X509v3 Key Usage                 Digital Signature, Key Encipherment
(0)X509v3 Extended Key Usage        TLS Web Server Authentication
(0)X509v3 CRL Distribution Points
(0)                                 Full Name:
(0)                                 URI:http://crl.entrust.net/level1c.crl
(0)Authority Information Access     OCSP - URI:http://ocsp.entrust.net
(0)X509v3 Certificate Policies      Policy: 1.2.840.113533.7.75.2
(0)                                 CPS: http://www.entrust.net/rpa
(0)X509v3 Authority Key Identifier  keyid:1E:F1:AB:89:06:F8:49:0F:01:33:77:EE:14:7A:EE:19:7C:93:28:4D
(0)X509v3 Subject Key Identifier    D8:71:72:86:61:37:2E:90:E7:80:0E:0A:42:8F:8A:15:83:E1:A6:A8
(0)X509v3 Basic Constraints         CA:FALSE
(0)Signature                        (256 octets)
Expand Severity Title Port/Service
1
SSL Server Information Retrieval port 587/tcp over SSL
QID:
38116
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
07/28/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:

The following is a list of supported SSL ciphers. Note: If a cipher is included in this list, it means that it was possible to establish an SSL connection using that cipher. Some web server setups allow connections to be established using a LOW grade cipher, only to provide a web page stating that the URL is accessible only through a non-LOW grade cipher. In this case, even though the LOW grade cipher will be listed here, QID 38140 will not be reported.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
CIPHER                   KEY-EXCHANGE  AUTHENTICATION  MAC   ENCRYPTION(KEY-STRENGTH)  GRADE
SSLv2 PROTOCOL IS DISABLED
SSLv3 PROTOCOL IS ENABLED
SSLv3 COMPRESSION METHOD None
DHE-RSA-AES256-SHA       DH            RSA             SHA1  AES(256)                  HIGH
AES256-SHA               RSA           RSA             SHA1  AES(256)                  HIGH
EDH-RSA-DES-CBC3-SHA     DH            RSA             SHA1  3DES(168)                 HIGH
DES-CBC3-SHA             RSA           RSA             SHA1  3DES(168)                 HIGH
DHE-RSA-AES128-SHA       DH            RSA             SHA1  AES(128)                  MEDIUM
AES128-SHA               RSA           RSA             SHA1  AES(128)                  MEDIUM
RC4-SHA                  RSA           RSA             SHA1  RC4(128)                  MEDIUM
RC4-MD5                  RSA           RSA             MD5   RC4(128)                  MEDIUM
EDH-RSA-DES-CBC-SHA      DH            RSA             SHA1  DES(56)                   LOW
DES-CBC-SHA              RSA           RSA             SHA1  DES(56)                   LOW
EXP-EDH-RSA-DES-CBC-SHA  DH(512)       RSA             SHA1  DES(40)                   LOW
EXP-DES-CBC-SHA          RSA(512)      RSA             SHA1  DES(40)                   LOW
EXP-RC2-CBC-MD5          RSA(512)      RSA             MD5   RC2(40)                   LOW
EXP-RC4-MD5              RSA(512)      RSA             MD5   RC4(40)                   LOW
TLSv1 PROTOCOL IS ENABLED
TLSv1 COMPRESSION METHOD None
DHE-RSA-AES256-SHA       DH            RSA             SHA1  AES(256)                  HIGH
AES256-SHA               RSA           RSA             SHA1  AES(256)                  HIGH
EDH-RSA-DES-CBC3-SHA     DH            RSA             SHA1  3DES(168)                 HIGH
DES-CBC3-SHA             RSA           RSA             SHA1  3DES(168)                 HIGH
DHE-RSA-AES128-SHA       DH            RSA             SHA1  AES(128)                  MEDIUM
AES128-SHA               RSA           RSA             SHA1  AES(128)                  MEDIUM
RC4-SHA                  RSA           RSA             SHA1  RC4(128)                  MEDIUM
RC4-MD5                  RSA           RSA             MD5   RC4(128)                  MEDIUM
EDH-RSA-DES-CBC-SHA      DH            RSA             SHA1  DES(56)                   LOW
DES-CBC-SHA              RSA           RSA             SHA1  DES(56)                   LOW
EXP-EDH-RSA-DES-CBC-SHA  DH(512)       RSA             SHA1  DES(40)                   LOW
EXP-DES-CBC-SHA          RSA(512)      RSA             SHA1  DES(40)                   LOW
EXP-RC2-CBC-MD5          RSA(512)      RSA             MD5   RC2(40)                   LOW
EXP-RC4-MD5              RSA(512)      RSA             MD5   RC4(40)                   LOW
Expand Severity Title Port/Service
1
SSL Session Caching Information port 587/tcp over SSL
QID:
38291
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
09/16/2004
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
An SSL session is a collection of security parameters that are negotiated by the SSL client and server for each SSL connection. SSL session caching is intended to reduce the overhead of negotiations in recurring SSL connections. SSL sessions can be reused to resume an earlier connection or to establish multiple simultaneous connections. The client suggests an SSL session to be reused by identifying the session with a Session-ID during the SSL handshake. If the server finds it appropriate to reuse the session, then they both proceed to secure communication with the already known security parameters.

This test determines if SSL session caching is enabled on the host.

IMPACT:
SSL session caching is part of the SSL and TLS protocols and is not a security threat. The result of this test is for informational purposes only.
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
SSLv3 session caching is disabled on the target.
TLSv1 session caching is disabled on the target.
Expand Severity Title Port/Service
1
TLS Secure Renegotiation Extension Supported port 587/tcp over SSL
QID:
42350
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
12/01/2011
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Secure Socket Layer (SSL) and Transport Layer Security (TLS) renegotiation are vulnerable to an attack in which the attacker forms a TLS connection with the target server, injects content of his choice, and then splices in a new TLS connection from a client. The server treats the client's initial TLS handshake as a renegotiation and thus believes that the initial data transmitted by the attacker is from the same entity as the subsequent client data. The TLS protocol was extended to cryptographically tie renegotiations to the TLS connections they are being performed over. This is referred to as the TLS secure renegotiation extension. This detection determines whether the TLS secure renegotiation extension is supported by the server or not.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
TLS Secure Renegotiation Extension Status: supported.
Expand Severity Title Port/Service
1
SSL Certificate - Information port 587/tcp over SSL
QID:
86002
Category:
Web server
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/23/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
NAME                                VALUE
(0)CERTIFICATE 0
(0)Version                          3 (0x2)
(0)Serial Number                    1276797857 (0x4c1a63a1)
(0)Signature Algorithm              sha1WithRSAEncryption
(0)ISSUER NAME
countryName                         US
organizationName                    "Entrust, Inc."
organizationalUnitName              www.entrust.net/rpa is incorporated by reference
organizationalUnitName              "(c) 2009 Entrust, Inc."
commonName                          Entrust Certification Authority - L1C
(0)SUBJECT NAME
countryName                         US
stateOrProvinceName                 North Carolina
localityName                        Chapel Hill
organizationName                    University of North Carolina at Chapel Hill
organizationalUnitName              Cecil G. Sheps Center for Health Services Research
commonName                          mail.schsr.unc.edu
(0)Valid From                       May 18 19:54:13 2011 GMT
(0)Valid Till                       Jul 19 10:22:09 2015 GMT
(0)Public Key Algorithm             rsaEncryption
(0)RSA Public Key                   (2048 bit)
(0)                                 Public-Key: (2048 bit)
(0)                                 Modulus:
(0)                                 Exponent: 65537 (0x10001)
(0)X509v3 EXTENSIONS
(0)X509v3 Key Usage                 Digital Signature, Key Encipherment
(0)X509v3 Extended Key Usage        TLS Web Server Authentication
(0)X509v3 CRL Distribution Points
(0)                                 Full Name:
(0)                                 URI:http://crl.entrust.net/level1c.crl
(0)Authority Information Access     OCSP - URI:http://ocsp.entrust.net
(0)X509v3 Certificate Policies      Policy: 1.2.840.113533.7.75.2
(0)                                 CPS: http://www.entrust.net/rpa
(0)X509v3 Authority Key Identifier  keyid:1E:F1:AB:89:06:F8:49:0F:01:33:77:EE:14:7A:EE:19:7C:93:28:4D
(0)X509v3 Subject Key Identifier    D8:71:72:86:61:37:2E:90:E7:80:0E:0A:42:8F:8A:15:83:E1:A6:A8
(0)X509v3 Basic Constraints         CA:FALSE
(0)Signature                        (256 octets)
Expand Severity Title Port/Service
1
SSL Server Information Retrieval port 906/tcp over SSL
QID:
38116
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
07/28/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:

The following is a list of supported SSL ciphers. Note: If a cipher is included in this list, it means that it was possible to establish an SSL connection using that cipher. Some web server setups allow connections to be established using a LOW grade cipher, only to provide a web page stating that the URL is accessible only through a non-LOW grade cipher. In this case, even though the LOW grade cipher will be listed here, QID 38140 will not be reported.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
CIPHER                   KEY-EXCHANGE  AUTHENTICATION  MAC   ENCRYPTION(KEY-STRENGTH)  GRADE
SSLv2 PROTOCOL IS ENABLED
DES-CBC3-MD5             RSA           RSA             MD5   3DES(168)                 HIGH
RC4-MD5                  RSA           RSA             MD5   RC4(128)                  MEDIUM
RC2-CBC-MD5              RSA           RSA             MD5   RC2(128)                  MEDIUM
EXP-RC4-MD5              RSA(512)      RSA             MD5   RC4(40)                   LOW
EXP-RC2-CBC-MD5          RSA(512)      RSA             MD5   RC2(40)                   LOW
DES-CBC-MD5              RSA           RSA             MD5   DES(56)                   LOW
SSLv3 PROTOCOL IS ENABLED
SSLv3 COMPRESSION METHOD None
DES-CBC3-MD5             RSA           RSA             MD5   3DES(168)                 HIGH
RC4-MD5                  RSA           RSA             MD5   RC4(128)                  MEDIUM
RC2-CBC-MD5              RSA           RSA             MD5   RC2(128)                  MEDIUM
EXP-RC4-MD5              RSA(512)      RSA             MD5   RC4(40)                   LOW
EXP-RC2-CBC-MD5          RSA(512)      RSA             MD5   RC2(40)                   LOW
DES-CBC-MD5              RSA           RSA             MD5   DES(56)                   LOW
Expand Severity Title Port/Service
1
SSL Session Caching Information port 906/tcp over SSL
QID:
38291
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
09/16/2004
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
An SSL session is a collection of security parameters that are negotiated by the SSL client and server for each SSL connection. SSL session caching is intended to reduce the overhead of negotiations in recurring SSL connections. SSL sessions can be reused to resume an earlier connection or to establish multiple simultaneous connections. The client suggests an SSL session to be reused by identifying the session with a Session-ID during the SSL handshake. If the server finds it appropriate to reuse the session, then they both proceed to secure communication with the already known security parameters.

This test determines if SSL session caching is enabled on the host.

IMPACT:
SSL session caching is part of the SSL and TLS protocols and is not a security threat. The result of this test is for informational purposes only.
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
SSLv3 session caching is disabled on the target.
Expand Severity Title Port/Service
1
SSL/TLS invalid protocol version tolerance port 906/tcp over SSL
QID:
38597
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
02/13/2012
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
SSL/TLS protocols have different versions that can be supported by both the client and the server. This test attempts to send invalid protocol versions to the target in order to find out how the target behaves. The results section contains a table that indicates the target's response to each of our tests.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
my version  target version
0304        0301
0399        0301
0400        rejected
0499        rejected
Expand Severity Title Port/Service
1
TLS Secure Renegotiation Extension Supported port 906/tcp over SSL
QID:
42350
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
12/01/2011
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Secure Socket Layer (SSL) and Transport Layer Security (TLS) renegotiation are vulnerable to an attack in which the attacker forms a TLS connection with the target server, injects content of his choice, and then splices in a new TLS connection from a client. The server treats the client's initial TLS handshake as a renegotiation and thus believes that the initial data transmitted by the attacker is from the same entity as the subsequent client data. The TLS protocol was extended to cryptographically tie renegotiations to the TLS connections they are being performed over. This is referred to as the TLS secure renegotiation extension. This detection determines whether the TLS secure renegotiation extension is supported by the server or not.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
TLS Secure Renegotiation Extension Status: supported.
Expand Severity Title Port/Service
1
SSL Certificate - Information port 906/tcp over SSL
QID:
86002
Category:
Web server
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/23/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
NAME                                VALUE
(0)CERTIFICATE 0
(0)Version                          3 (0x2)
(0)Serial Number                    1276797857 (0x4c1a63a1)
(0)Signature Algorithm              sha1WithRSAEncryption
(0)ISSUER NAME
countryName                         US
organizationName                    "Entrust, Inc."
organizationalUnitName              www.entrust.net/rpa is incorporated by reference
organizationalUnitName              "(c) 2009 Entrust, Inc."
commonName                          Entrust Certification Authority - L1C
(0)SUBJECT NAME
countryName                         US
stateOrProvinceName                 North Carolina
localityName                        Chapel Hill
organizationName                    University of North Carolina at Chapel Hill
organizationalUnitName              Cecil G. Sheps Center for Health Services Research
commonName                          mail.schsr.unc.edu
(0)Valid From                       May 18 19:54:13 2011 GMT
(0)Valid Till                       Jul 19 10:22:09 2015 GMT
(0)Public Key Algorithm             rsaEncryption
(0)RSA Public Key                   (2048 bit)
(0)                                 Public-Key: (2048 bit)
(0)                                 Modulus:
(0)                                 Exponent: 65537 (0x10001)
(0)X509v3 EXTENSIONS
(0)X509v3 Key Usage                 Digital Signature, Key Encipherment
(0)X509v3 Extended Key Usage        TLS Web Server Authentication
(0)X509v3 CRL Distribution Points
(0)                                 Full Name:
(0)                                 URI:http://crl.entrust.net/level1c.crl
(0)Authority Information Access     OCSP - URI:http://ocsp.entrust.net
(0)X509v3 Certificate Policies      Policy: 1.2.840.113533.7.75.2
(0)                                 CPS: http://www.entrust.net/rpa
(0)X509v3 Authority Key Identifier  keyid:1E:F1:AB:89:06:F8:49:0F:01:33:77:EE:14:7A:EE:19:7C:93:28:4D
(0)X509v3 Subject Key Identifier    D8:71:72:86:61:37:2E:90:E7:80:0E:0A:42:8F:8A:15:83:E1:A6:A8
(0)X509v3 Basic Constraints         CA:FALSE
(0)Signature                        (256 octets)
(1)CERTIFICATE 1
(1)Version                          3 (0x2)
(1)Serial Number                    946072060 (0x3863e9fc)
(1)Signature Algorithm              sha1WithRSAEncryption
(1)ISSUER NAME
organizationName                    Entrust.net
organizationalUnitName              www.entrust.net/CPS 2048 incorp. by ref. (limits liab.)
organizationalUnitName              (c) 1999 Entrust.net Limited
commonName                          Entrust.net Certification Authority (2048)
(1)SUBJECT NAME
countryName                         US
organizationName                    "Entrust, Inc."
organizationalUnitName              www.entrust.net/rpa is incorporated by reference
organizationalUnitName              "(c) 2009 Entrust, Inc."
commonName                          Entrust Certification Authority - L1C
(1)Valid From                       Dec 10 20:43:54 2009 GMT
(1)Valid Till                       Dec 10 21:13:54 2019 GMT
(1)Public Key Algorithm             rsaEncryption
(1)RSA Public Key                   (2048 bit)
(1)                                 Public-Key: (2048 bit)
(1)                                 Modulus:
(1)                                 Exponent: 65537 (0x10001)
(1)X509v3 EXTENSIONS
(1)X509v3 Key Usage                 critical
(1)                                 Certificate Sign, CRL Sign
(1)X509v3 Basic Constraints         critical
(1)                                 CA:TRUE
(1)Authority Information Access     OCSP - URI:http://ocsp.entrust.net
(1)X509v3 CRL Distribution Points
(1)                                 Full Name:
(1)                                 URI:http://crl.entrust.net/2048ca.crl
(1)X509v3 Certificate Policies      Policy: X509v3 Any Policy
(1)                                 CPS: http://www.entrust.net/rpa
(1)X509v3 Subject Key Identifier    1E:F1:AB:89:06:F8:49:0F:01:33:77:EE:14:7A:EE:19:7C:93:28:4D
(1)X509v3 Authority Key Identifier  keyid:55:E4:81:D1:11:80:BE:D8:89:B9:08:A3:31:F9:A1:24:09:16:B9:70
(1)Signature                        (256 octets)
(2)CERTIFICATE 2
(2)Version                          3 (0x2)
(2)Serial Number                    946069240 (0x3863def8)
(2)Signature Algorithm              sha1WithRSAEncryption
(2)ISSUER NAME
organizationName                    Entrust.net
organizationalUnitName              www.entrust.net/CPS 2048 incorp. by ref. (limits liab.)
organizationalUnitName              (c) 1999 Entrust.net Limited
commonName                          Entrust.net Certification Authority (2048)
(2)SUBJECT NAME
organizationName                    Entrust.net
organizationalUnitName              www.entrust.net/CPS 2048 incorp. by ref. (limits liab.)
organizationalUnitName              (c) 1999 Entrust.net Limited
commonName                          Entrust.net Certification Authority (2048)
(2)Valid From                       Dec 24 17:50:51 1999 GMT
(2)Valid Till                       Jul 24 14:15:12 2029 GMT
(2)Public Key Algorithm             rsaEncryption
(2)RSA Public Key                   (2048 bit)
(2)                                 Public-Key: (2048 bit)
(2)                                 Modulus:
(2)                                 Exponent: 65537 (0x10001)
(2)X509v3 EXTENSIONS
(2)X509v3 Key Usage                 critical
(2)                                 Certificate Sign, CRL Sign
(2)X509v3 Basic Constraints         critical
(2)                                 CA:TRUE
(2)X509v3 Subject Key Identifier    55:E4:81:D1:11:80:BE:D8:89:B9:08:A3:31:F9:A1:24:09:16:B9:70
(2)Signature                        (256 octets)
Expand Severity Title Port/Service
4
OpenSSH Signal Handling Vulnerability
 
QID:
38560
Category:
General remote services
CVE ID:
CVE-2006-5051 CVE-2006-4924 CVE-2006-5052 CVE-2006-4925 CVE-2006-5229
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
02/15/2012
User Modified:
-
Edited:
No
PCI Vuln:
Yes
CVSS Base:
9.3
CVSS Temporal:
7.3
THREAT:
OpenSSH is a set of computer programs providing encrypted communication sessions over a computer network using the SSH protocol.

The following security vulnerabilities have been identified in OpenSSH:

- A signal handler race condition in OpenSSH before Version 4.4 can be exploited to cause a crash, and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free. (CVE-2006-5051)

- A denial of service vulnerability exists in sshd in OpenSSH before Version 4.4, when using the SSH protocol Version 1, because it does not properly handle duplicate incoming blocks. This can be exploited by a remote attacker to cause sshd to consume a large quantity of CPU resources. (CVE-2006-4924)

IMPACT:
If this vulnerability is successfully exploited, it can crash the OpenSSH server and potentially allow execution of arbitrary code.
SOLUTION:
Upgrade to OpenSSH 4.4 or later, available from the OpenSSH Web site http://www.openssh.org/.

Several vendors have issued fixes to resolve this issue. Below are links to the advisories which contain patch download information.

Debian GNU/Linux:
http://www.debian.org/security/2006/dsa-1189

Red Hat Linux:
http://rhn.redhat.com/errata/RHSA-2006-0697.html

SuSE Linux:
http://www.novell.com/linux/security/advisories/2006_62_openssh.html

Sun Microsystems:
https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=1000947.1 (registration required)

Mandriva:
http://www.mandriva.com/security/advisories?name=MDKSA-2006:179

HP has released a patch to address this issue. Refer to HP's technical support document HPSBUX02178 (registration required) for further details.

Ubuntu:
http://www.ubuntu.com/usn/usn-355-1

VMware ESX Server
For ESX 3.0.0: Patch 3069097
For ESX 3.0.1: Patch 9986131

For other distributions:
Please contact your vendor for upgrade or patch information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

OpenSSH 4.4: OpenSSH (OpenSSH)

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
Reference:
CVE-2006-4924
Description:
OpenSSH <= 4.3 p1 (Duplicated Block) Remote Denial of Service Exploit - The Exploit-DB Ref : 2444
Link:
http://www.exploit-db.com/exploits/2444
Reference:
CVE-2006-5229
Description:
Portable OpenSSH <= 3.6.1p-PAM / 4.1-SUSE Timing Attack Exploit - The Exploit-DB Ref : 3303
Link:
http://www.exploit-db.com/exploits/3303
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
QID: 38560 detected on port 22 over TCP - SSH-2.0-OpenSSH_4.3
Expand Severity Title Port/Service
3
OpenSSH Plaintext Recovery Attack Against SSH Vulnerability
 
QID:
42339
Category:
General remote services
CVE ID:
CVE-2008-5161
Vendor Reference
openssh-5.2 release note
Bugtraq ID:
-
Service Modified:
09/13/2010
User Modified:
-
Edited:
No
PCI Vuln:
No
CVSS Base:
2.6
CVSS Temporal:
2
THREAT:
OpenSSH is a set of computer programs providing encrypted communication sessions over a computer network using the SSH protocol.

OpenSSH is prone to a plain text recovery attack. The issue is in the SSH protocol specification itself and exists in Secure Shell (SSH) software when used with CBC-mode ciphers.

Affected Versions:
OpenSSH Version 5.1 and earlier.

IMPACT:
This issue can be exploited by a remote unprivileged user to gain access to some of the plain text information from intercepted SSH network traffic, which would otherwise be encrypted.
SOLUTION:
Upgrade to OpenSSH 5.2 or later, available from the OpenSSH Download site.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

OpenSSH 5.2: OpenSSH

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
SSH-2.0-OpenSSH_4.3
Expand Severity Title Port/Service
3
OpenSSH X11 Hijacking Attack Vulnerability
 
QID:
42340
Category:
General remote services
CVE ID:
CVE-2008-1483
Vendor Reference
openssh-5.0 release note
Bugtraq ID:
-
Service Modified:
06/29/2010
User Modified:
-
Edited:
No
PCI Vuln:
Yes
CVSS Base:
6.9
CVSS Temporal:
5.4
THREAT:
OpenSSH is a set of computer programs providing encrypted communication sessions over a computer network using the SSH protocol.

OpenSSH is prone to a vulnerability that allows attackers to hijack forwarded X connections. Successfully exploiting this issue may allow an attacker to run arbitrary shell commands.

Affected Versions:
OpenSSH Versions prior to 5.0 are vulnerable.

IMPACT:
Successfully exploiting this issue may allow an attacker to run arbitrary shell commands with the privileges of the user running the affected application.
SOLUTION:
Upgrade to OpenSSH 5.0 or later, available from the OpenSSH Download site.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

OpenSSH 5.0: OpenSSH

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
SSH-2.0-OpenSSH_4.3
Expand Severity Title Port/Service
3
OpenSSH Version 4.6 and Prior X11 Cookie Privilege Escalation Vulnerability
 
QID:
42377
Category:
General remote services
CVE ID:
CVE-2007-4752 CVE-2007-2243 CVE-2008-4109
Vendor Reference
OpenSSH 4.7
Bugtraq ID:
-
Service Modified:
06/26/2013
User Modified:
-
Edited:
No
PCI Vuln:
Yes
CVSS Base:
7.5
CVSS Temporal:
5.5
THREAT:
OpenSSH is a set of computer programs providing encrypted communication sessions over a computer network using the SSH protocol.

OpenSSH is prone to a privilege escalation vulnerability because Trusted X11 cookies are created when untrusted cookies cannot be created.

OpenSSH, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists.

Affected Versions:
OpenSSH Versions prior to 4.7 are vulnerable.

IMPACT:
Successfully exploiting this issue may allow an attacker to bypass security restrictions and gain elevated privileges using an untrusted X client.
SOLUTION:
Upgrade to OpenSSH 4.7 or later, available from the OpenSSH 4.7 release notes.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

OpenSSH 4.7

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
SSH-2.0-OpenSSH_4.3
Expand Severity Title Port/Service
3
OpenSSH X11 Forwarding Information Disclosure
 
QID:
42378
Category:
General remote services
CVE ID:
CVE-2008-3259
Vendor Reference
OpenSSH 5.1
Bugtraq ID:
-
Service Modified:
04/26/2012
User Modified:
-
Edited:
No
PCI Vuln:
No
CVSS Base:
1.2
CVSS Temporal:
.9
THREAT:
OpenSSH is a set of computer programs providing encrypted communication sessions over a computer network using the SSH protocol.

OpenSSH is exposed to an information disclosure vulnerability caused by an error when binding to previously bound ports that have the SO_REUSEADDR option enabled and the sshd_config X11UseLocalhost option set to no.

Affected Versions:
OpenSSH Versions prior to 5.1 are vulnerable.

IMPACT:
Successfully exploiting this issue may allow an attacker to obtain sensitive information on systems where effective user-id or overlapping bind address checks are not present.
SOLUTION:
Upgrade to OpenSSH 5.1 or later, available from the OpenSSH 5.1 release notes.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

OpenSSH 5.1

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
SSH-2.0-OpenSSH_4.3
Expand Severity Title Port/Service
3
OpenSSH Commands Information Disclosure Vulnerability
 
QID:
42382
Category:
General remote services
CVE ID:
CVE-2012-0814
Vendor Reference
OpenSSH Forced Command Information Disclosure
Bugtraq ID:
-
Service Modified:
05/10/2012
User Modified:
-
Edited:
No
PCI Vuln:
No
CVSS Base:
3.5
CVSS Temporal:
2.6
THREAT:
OpenSSH is a set of computer programs providing encrypted communication sessions over a computer network using the SSH protocol.

Openssh-server could allow a remote attacker to obtain sensitive information because of the improper handling of forced commands.

IMPACT:
Only authenticated users can exploit this vulnerability to obtain usernames and other sensitive information.
SOLUTION:
Upgrade to OpenSSH 5.7 or later, available from the OpenSSH Web site.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

OpenSSH 5.7 (OpenSSH)

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
SSH-2.0-OpenSSH_4.3
Expand Severity Title Port/Service
3
OpenSSH J-PAKE Session Key Retrieval Vulnerability
 
QID:
42384
Category:
General remote services
CVE ID:
CVE-2010-4478
Vendor Reference
OpenSSH J-PAKE
Bugtraq ID:
45304
Service Modified:
03/01/2013
User Modified:
-
Edited:
No
PCI Vuln:
Yes
CVSS Base:
7.5
CVSS Temporal:
5.5
THREAT:
OpenSSH is a set of computer programs providing encrypted communication sessions over a computer network using the SSH protocol.

OpenSSH, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol. This allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol.

Affected Software:
OpenSSH versions 5.6 and prior.

IMPACT:
Successful exploitation allows an attacker to gain access to the remote system.
SOLUTION:
Upgrade to OpenSSH 5.7 or later, available from the OpenSSH Web site.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

OpenSSH J-PAKE

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
SSH-2.0-OpenSSH_4.3
Expand Severity Title Port/Service
3
OpenSSH-Portable GSSAPI Authentication Abort Information Disclosure Vulnerability
 
QID:
42387
Category:
General remote services
CVE ID:
CVE-2006-5052
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
06/22/2012
User Modified:
-
Edited:
No
PCI Vuln:
Yes
CVSS Base:
5
CVSS Temporal:
3.9
THREAT:
OpenSSH is a set of computer programs providing encrypted communication sessions over a computer network using the SSH protocol.

An information disclosure weakness exists in portable OpenSSH. When running on some platforms, OpenSSH allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI "authentication abort."
Affected Versions:
OpenSSH Versions prior to 4.4.

IMPACT:
Attackers may leverage a GSSAPI authentication abort to determine the presence and validity of usernames on unspecified platforms.
This issue occurs when OpenSSH-Portable is configured to accept GSSAPI authentication.
SOLUTION:
The vendor has released an update to resolve this issue.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

OpenSSH 4.4

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
SSH-2.0-OpenSSH_4.3
Expand Severity Title Port/Service
2
OpenSSH ForceCommand Bypass Vulnerability
 
QID:
42375
Category:
General remote services
CVE ID:
CVE-2008-1657
Vendor Reference
OpenSSH 4.9
Bugtraq ID:
-
Service Modified:
05/03/2012
User Modified:
-
Edited:
No
PCI Vuln:
Yes
CVSS Base:
6.5
CVSS Temporal:
4.8
THREAT:
OpenSSH is a set of computer programs providing encrypted communication sessions over a computer network using the SSH protocol.

OpenSSH is prone to a security bypass vulnerability caused by an improper implementation of the "ForceCommand" directive. This can be exploited to execute arbitrary commands via the ~/.ssh/rc file even if a "ForceCommand" directive is in effect.

Affected Software:
OpenSSH 4.x versions prior to 4.9 are affected.

IMPACT:
Successful exploitation allows malicious, local users to bypass certain security restrictions.
SOLUTION:
The vendor has released an update (OpenSSH 4.9 or later) to resolve this issue.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

OpenSSH 4.9

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
SSH-2.0-OpenSSH_4.3
Expand Severity Title Port/Service
2
OpenSSH Privilege Separation Monitor Vulnerability
 
QID:
42376
Category:
General remote services
CVE ID:
CVE-2006-5794
Vendor Reference
OpenSSH 4.5
Bugtraq ID:
-
Service Modified:
05/03/2012
User Modified:
-
Edited:
No
PCI Vuln:
Yes
CVSS Base:
7.5
CVSS Temporal:
5.5
THREAT:
OpenSSH is a set of computer programs providing encrypted communication sessions over a computer network using the SSH protocol.

OpenSSH is prone to a privilege escalation vulnerability caused by an error within the privilege separation monitor, which may weaken the authentication process.

Affected Software:
OpenSSH versions prior to 4.5 are affected.

IMPACT:
Successful exploitation allows malicious people to bypass certain security restrictions.
SOLUTION:
The vendor has released an update (OpenSSH 4.5 or later) to resolve this issue.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

OpenSSH 4.5

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
SSH-2.0-OpenSSH_4.3
Expand Severity Title Port/Service
3
Remote Access or Management Service Detected
QID:
42017
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
10/17/2011
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
A remote access or remote management service was detected. If such a service is accessible to malicious users, it can be used to carry out different types of attacks. Malicious users could try to brute force credentials or collect additional information on the service, which could help them craft further attacks.

The Results section includes information on the remote access service that was found on the target.

Services like Telnet, Rlogin, SSH, Windows Remote Desktop, pcAnywhere, Citrix Management Console, Remote Admin (RAdmin), VNC, OPENVPN and ISAKMP are checked.

IMPACT:
Consequences vary by the type of attack.
SOLUTION:
Expose the remote access or remote management services only to the system administrators or intended users of the system.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Service name: SSH on TCP port 22.
Expand Severity Title Port/Service
2
Operating System Detected
QID:
45017
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
02/09/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Several different techniques can be used to identify the operating system (OS) running on a host. A short description of these techniques is provided below. The specific technique used to identify the OS on this host is included in the RESULTS section of your report.

1) TCP/IP Fingerprint: The operating system of a host can be identified from a remote system using TCP/IP fingerprinting. All underlying operating system TCP/IP stacks have subtle differences that can be seen in their responses to specially-crafted TCP packets. According to the results of this "fingerprinting" technique, the OS version is among those listed below.

Note that if one or more of these subtle differences are modified by a firewall or a packet filtering device between the scanner and the host, the fingerprinting technique may fail. Consequently, the version of the OS may not be detected correctly. If the host is behind a proxy-type firewall, the version of the operating system detected may be that for the firewall instead of for the host being scanned.

2) NetBIOS: Short for Network Basic Input Output System, an application programming interface (API) that augments the DOS BIOS by adding special functions for local-area networks (LANs). Almost all LANs for PCs are based on the NetBIOS. Some LAN manufacturers have even extended it, adding additional network capabilities. NetBIOS relies on a message format called Server Message Block (SMB).

3) PHP Info: PHP is a hypertext pre-processor, an open-source, server-side, HTML-embedded scripting language used to create dynamic Web pages. Under some configurations it is possible to call PHP functions like phpinfo() and obtain operating system information.

4) SNMP: The Simple Network Monitoring Protocol is used to monitor hosts, routers, and the networks to which they attach. The SNMP service maintains a Management Information Base (MIB), a set of variables (database) that can be fetched by Managers. These include "MIB_II.system.sysDescr" for the operating system.

IMPACT:
Not applicable.
SOLUTION:
Not applicable.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Operating System	Technique	ID
Linux 2.4-2.6 / Embedded Device / F5 Networks Big-IP	TCP/IP Fingerprint	U1141:22
Expand Severity Title Port/Service
1
DNS Host Name
QID:
6
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/01/1999
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The fully qualified domain name of this host, if it was obtained from a DNS server, is displayed in the RESULT section.
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
IP address	Host name
152.2.35.186	s186.schsr.unc.edu
Expand Severity Title Port/Service
1
Firewall Detected
QID:
34011
Category:
Firewall
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
10/16/2001
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
A packet filtering device protecting this IP was detected. This is likely to be a firewall or a router using access control lists (ACLs).
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Some of the ports filtered by the firewall are: 20, 21, 23, 25, 53, 80, 111, 135, 443, 445.

Listed below are the ports filtered by the firewall.
No response has been received when any of these ports is probed.
1-21,23-630,632-6128,6130-65535
Expand Severity Title Port/Service
1
Target Network Information
QID:
45004
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
08/15/2013
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The information shown in the Result section was returned by the network infrastructure responsible for routing traffic from our cloud platform to the target network (where the scanner appliance is located).

This information was returned from: 1) the WHOIS service, or 2) the infrastructure provided by the closest gateway server to our cloud platform. If your ISP is routing traffic, your ISP's gateway server returned this information.

IMPACT:
This information can be used by malicious users to gather more information about the network infrastructure that may help in launching attacks against it.
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
The network handle is: UNCCH-NET
Network description:
University of North Carolina at Chapel Hill
Expand Severity Title Port/Service
1
Internet Service Provider
QID:
45005
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
08/15/2013
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The information shown in the Result section was returned by the network infrastructure responsible for routing traffic from our cloud platform to the target network (where the scanner appliance is located).

This information was returned from: 1) the WHOIS service, or 2) the infrastructure provided by the closest gateway server to our cloud platform. If your ISP is routing traffic, your ISP's gateway server returned this information. This information was gathered using the WHOIS service for the network and is believed to be the ISP of the target network.

IMPACT:
This information can be used by malicious users to gather more information about the network infrastructure that may aid in launching further attacks against it.
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
The ISP network handle is: UNCCH-NET
ISP Network description:
University of North Carolina at Chapel Hill
Expand Severity Title Port/Service
1
Traceroute
QID:
45006
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/09/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Traceroute describes the path in real time from the scanner to the remote host being contacted. It reports the IP addresses of all the routers in between.
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HopsIPRound Trip TimeProbe
1152.2.20.10.63msICMP
2152.19.253.1061.18msICMP
3152.19.255.170.99msICMP
4152.19.255.2101.64msICMP
5152.2.35.1861.15msICMP
Expand Severity Title Port/Service
1
Host Scan Time
QID:
45038
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
11/18/2004
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The Host Scan Time is the period of time it takes the scanning engine to perform the vulnerability assessment of a single target host. The Host Scan Time for this host is reported in the Result section below.

The Host Scan Time does not have a direct correlation to the Duration time as displayed in the Report Summary section of a scan results report. The Duration is the period of time it takes the service to perform a scan task. The Duration includes the time it takes the service to scan all hosts, which may involve parallel scanning. It also includes the time it takes for a scanner appliance to pick up the scan task and transfer the results back to the service's Secure Operating Center. Further, when a scan task is distributed across multiple scanners, the Duration includes the time it takes to perform parallel host scanning on all scanners.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Scan duration: 2381 seconds

Start time: Sat, Mar 23 2013, 19:37:49 GMT

End time: Sat, Mar 23 2013, 20:17:30 GMT
Expand Severity Title Port/Service
1
Host Names Found
QID:
45039
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
02/14/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The following host names were discovered for this computer using various methods such as DNS lookup, NetBIOS query, and SQL server name query.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Host Name	Source
s186.schsr.unc.edu	FQDN
Expand Severity Title Port/Service
1
Open TCP Services List
QID:
82023
Category:
TCP/IP
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
06/15/2009
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The port scanner enables unauthorized users with the appropriate tools to draw a map of all services on this host that can be accessed from the Internet. The test was carried out with a "stealth" port scanner so that the server does not log real connections.

The Results section displays the port number (Port), the default service listening on the port (IANA Assigned Ports/Services), the description of the service (Description) and the service that the scanner detected using service discovery (Service Detected).

IMPACT:
Unauthorized users can exploit this information to test vulnerabilities in each of the open services.
SOLUTION:
Shut down any unknown or unused service on the list. If you have difficulty figuring out which service is provided by which process or program, contact your provider's support team. For more information about commercial and open-source Intrusion Detection Systems available for detecting port scanners of this kind, visit the CERT Web site.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Port	IANA Assigned Ports/Services	Description	Service Detected	OS On Redirected Port
22	ssh	SSH Remote Login Protocol	ssh
Expand Severity Title Port/Service
1
ICMP Replies Received
QID:
82040
Category:
TCP/IP
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/16/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
ICMP (Internet Control and Error Message Protocol) is a protocol encapsulated in IP packets. ICMP's principal purpose is to provide a protocol layer that informs gateways of the inter-connectivity and accessibility of other gateways or hosts.

We have sent the following types of packets to trigger the host to send us ICMP replies:

Echo Request (to trigger Echo Reply)
Timestamp Request (to trigger Timestamp Reply)
Address Mask Request (to trigger Address Mask Reply)
UDP Packet (to trigger Port Unreachable Reply)
IP Packet with Protocol >= 250 (to trigger Protocol Unreachable Reply)

Listed in the "Result" section are the ICMP replies that we have received.

SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
ICMP Reply Type	Triggered By	Additional Information
Echo (type=0 code=0)	Echo Request	Echo Reply
Time Stamp (type=14 code=0)	Time Stamp Request	19:37:53 GMT
Unreachable (type=3 code=10)	(Various)	Destination Host Prohibited
Expand Severity Title Port/Service
1
Degree of Randomness of TCP Initial Sequence Numbers
QID:
82045
Category:
TCP/IP
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
11/19/2004
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
TCP Initial Sequence Numbers (ISNs) obtained in the SYNACK replies from the host are analyzed to determine how random they are. The average change between subsequent ISNs and the standard deviation from the average are displayed in the RESULT section. Also included is the degree of difficulty for exploitation of the TCP ISN generation scheme used by the host.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Average change between subsequent TCP initial sequence numbers is 1025815115 with a standard deviation of 697242741. These TCP initial sequence numbers were triggered by TCP SYN probes sent to the host at an average rate of 1/(6997 microseconds). The degree of difficulty to exploit the TCP initial sequence number generation scheme is: hard.
Expand Severity Title Port/Service
1
IP ID Values Randomness
QID:
82046
Category:
TCP/IP
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
07/27/2006
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The values for the identification (ID) field in IP headers in IP packets from the host are analyzed to determine how random they are. The changes between subsequent ID values for either the network byte ordering or the host byte ordering, whichever is smaller, are displayed in the RESULT section along with the duration taken to send the probes. When incremental values are used, as is the case for TCP/IP implementation in many operating systems, these changes reflect the network load of the host at the time this test was conducted.

Please note that for reliability reasons only the network traffic from open TCP ports is analyzed.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
IP ID changes observed (network order) for port 22: 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
Duration: 30 milli seconds
Expand Severity Title Port/Service
1
Unix Authentication Failed
QID:
105053
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
08/12/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Unix authentication was enabled during the scan but login attempts using the credentials specified in the Unix authentication record failed for this host. Login attempts were made for all discovered and approved command line services.

Unix authentication is used to obtain remote access to different command line services such as SSH, telnet and rlogin. Specified credentials must include a user name and may include a password, an RSA private key and/or DSA private key.

IMPACT:
Vulnerabilities that require Unix authentication may not be detected.
SOLUTION:
Verify that the authentication credentials defined in the Unix authentication record are valid for this host. For Unix authentication using private keys, verify that the host contains corresponding public keys. Also verify that a command line daemon service on the host permits network login attempts.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Service	SSH
User Name	monitor
Authentication Record	DSA Authentication
Expand Severity Title Port/Service
1
SSH daemon information retrieving port 22/tcp
QID:
38047
Category:
General remote services
CVE ID:
CVE-1999-0634
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
04/21/2009
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
SSH is a secure protocol, provided it is fully patched, properly configured, and uses FIPS approved algorithms.


For Red Hat ES 4:-

SSH1 supported					yes

Supported authentification methods for SSH1	RSA,password

Supported ciphers for SSH1			3des,blowfish

SSH2 supported					yes

Supported keys exchange algorithm for SSH2	diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

Supported decryption ciphers for SSH2		aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr

Supported encryption ciphers for SSH2		aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr

Supported decryption mac for SSH2		hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

Supported encryption mac for SSH2		hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

Supported authentification methods for SSH2	publickey,gssapi-with-mic,password

IMPACT:
Successful exploitation allows an attacker to execute arbitrary commands on the SSH server or otherwise subvert an encrypted SSH channel with arbitrary data.
SOLUTION:
SSH version 2 is preferred over SSH version 1.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
SSH1 supported	no
SSH2 supported	yes
Supported keys exchange algorithm for SSH2	diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1
Supported decryption ciphers for SSH2	aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se
Supported encryption ciphers for SSH2	aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se
Supported decryption mac for SSH2	hmac-md5, hmac-sha1, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-sha1-96, hmac-md5-96
Supported encryption mac for SSH2	hmac-md5, hmac-sha1, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-sha1-96, hmac-md5-96
Supported authentication methods for SSH2	password, publickey
Expand Severity Title Port/Service
1
SSH Banner port 22/tcp
QID:
38050
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
02/04/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
SSH-2.0-OpenSSH_4.3
Severity Title Port/Service
4
Red Hat Update for Kernel (RHSA-2013-0630)
 
QID:
121017
Category:
Local
CVE ID:
CVE-2013-0228 CVE-2013-0268
Vendor Reference
RHSA-2013-0630
Bugtraq ID:
-
Service Modified:
03/14/2013
User Modified:
-
Edited:
No
PCI Vuln:
Yes
CVSS Base:
6.2
CVSS Temporal:
4.9
THREAT:
The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues:

* A flaw was found in the way the xen_iret() function in the Linux kernel used the DS (the CPU's Data Segment) register. A local, unprivileged user in a 32-bit, para-virtualized Xen hypervisor guest could use this flaw to crash the guest or, potentially, escalate their privileges. (CVE-2013-0228, Important)

* A flaw was found in the way file permission checks for the "/dev/cpu/[x]/msr" files were performed in restricted root environments (for example, when using a capability-based security model). A local user with the ability to write to these files could use this flaw to escalate their privileges to kernel level, for example, by writing to the SYSENTER_EIP_MSR register. (CVE-2013-0268, Important)

Users should upgrade to these updated packages, which contain backported patches to correct these issues, and fix the bugs noted in the Technical Notes. The system must be rebooted for this update to take effect.

IMPACT:
This vulnerability could be exploited to gain complete access to sensitive information. Malicious users could also use this vulnerability to change all the contents or configuration on the system.
SOLUTION:
Upgrade to the latest packages which contain a patch. These are available from the Red Hat Network.

To install packages using the command line interface, use the command "yum update".

Refer to Red Hat security advisory RHSA-2013-0630 to address this issue and obtain further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

RHSA-2013-0630: RHEL Server Debuginfo (v.6 for IBM System z) (perf-debuginfo-2.6.32-358.2.1.el6.s390x)

RHSA-2013-0630: RHEL Server Debuginfo (v.6 for IBM System z) (kernel-kdump-debuginfo-2.6.32-358.2.1.el6.s390x)

RHSA-2013-0630: RHEL Server Debuginfo (v.6 for IBM System z) (kernel-debuginfo-common-s390x-2.6.32-358.2.1.el6.s390x)

RHSA-2013-0630: RHEL Server Debuginfo (v.6 for IBM System z) (kernel-debuginfo-2.6.32-358.2.1.el6.s390x)

RHSA-2013-0630: RHEL Server Debuginfo (v.6 for IBM System z) (python-perf-debuginfo-2.6.32-358.2.1.el6.s390x)

RHSA-2013-0630: RHEL Server Debuginfo (v.6 for IBM System z) (kernel-debug-debuginfo-2.6.32-358.2.1.el6.s390x)

RHSA-2013-0630: RHEL Server Debuginfo (v.6 for x86) (python-perf-debuginfo-2.6.32-358.2.1.el6.i686)

RHSA-2013-0630: RHEL Server Debuginfo (v.6 for x86) (perf-debuginfo-2.6.32-358.2.1.el6.i686)

RHSA-2013-0630: RHEL Server Debuginfo (v.6 for x86) (kernel-debuginfo-common-i686-2.6.32-358.2.1.el6.i686)

RHSA-2013-0630: RHEL Server Debuginfo (v.6 for x86) (kernel-debuginfo-2.6.32-358.2.1.el6.i686)

RHSA-2013-0630: RHEL Server Debuginfo (v.6 for x86) (kernel-debug-debuginfo-2.6.32-358.2.1.el6.i686)

RHSA-2013-0630: RHEL Server Debuginfo (v.6 for x86_64) (perf-debuginfo-2.6.32-358.2.1.el6.x86_64)

RHSA-2013-0630: RHEL Server Debuginfo (v.6 for x86_64) (python-perf-debuginfo-2.6.32-358.2.1.el6.x86_64)

RHSA-2013-0630: RHEL Server Debuginfo (v.6 for x86_64) (kernel-debug-debuginfo-2.6.32-358.2.1.el6.x86_64)

RHSA-2013-0630: RHEL Server Debuginfo (v.6 for x86_64) (kernel-debuginfo-common-x86_64-2.6.32-358.2.1.el6.x86_64)

RHSA-2013-0630: RHEL Server Debuginfo (v.6 for x86_64) (kernel-debuginfo-2.6.32-358.2.1.el6.x86_64)

RHSA-2013-0630: RHEL Server Optional (v. 6 64-bit x86_64) (python-perf-2.6.32-358.2.1.el6.x86_64)

RHSA-2013-0630: RHEL Server Optional (v. 6 IBM System z) (python-perf-2.6.32-358.2.1.el6.s390x)

RHSA-2013-0630: RHEL Server Optional (v. 6 for 32-bit x86) (python-perf-2.6.32-358.2.1.el6.i686)

RHSA-2013-0630: RHEL Server Optional Debuginfo (v.6 IBM System z) (perf-debuginfo-2.6.32-358.2.1.el6.s390x)

RHSA-2013-0630: RHEL Server Optional Debuginfo (v.6 IBM System z) (kernel-kdump-debuginfo-2.6.32-358.2.1.el6.s390x)

RHSA-2013-0630: RHEL Server Optional Debuginfo (v.6 IBM System z) (kernel-debuginfo-common-s390x-2.6.32-358.2.1.el6.s390x)

RHSA-2013-0630: RHEL Server Optional Debuginfo (v.6 IBM System z) (kernel-debuginfo-2.6.32-358.2.1.el6.s390x)

RHSA-2013-0630: RHEL Server Optional Debuginfo (v.6 IBM System z) (python-perf-debuginfo-2.6.32-358.2.1.el6.s390x)

RHSA-2013-0630: RHEL Server Optional Debuginfo (v.6 IBM System z) (kernel-debug-debuginfo-2.6.32-358.2.1.el6.s390x)

RHSA-2013-0630: RHEL Server Optional Debuginfo (v.6 for x86) (python-perf-debuginfo-2.6.32-358.2.1.el6.i686)

RHSA-2013-0630: RHEL Server Optional Debuginfo (v.6 for x86) (perf-debuginfo-2.6.32-358.2.1.el6.i686)

RHSA-2013-0630: RHEL Server Optional Debuginfo (v.6 for x86) (kernel-debuginfo-common-i686-2.6.32-358.2.1.el6.i686)

RHSA-2013-0630: RHEL Server Optional Debuginfo (v.6 for x86) (kernel-debuginfo-2.6.32-358.2.1.el6.i686)

RHSA-2013-0630: RHEL Server Optional Debuginfo (v.6 for x86) (kernel-debug-debuginfo-2.6.32-358.2.1.el6.i686)

RHSA-2013-0630: RHEL Server Optional Debuginfo (v.6 x86_64) (perf-debuginfo-2.6.32-358.2.1.el6.x86_64)

RHSA-2013-0630: RHEL Server Optional Debuginfo (v.6 x86_64) (python-perf-debuginfo-2.6.32-358.2.1.el6.x86_64)

RHSA-2013-0630: RHEL Server Optional Debuginfo (v.6 x86_64) (kernel-debug-debuginfo-2.6.32-358.2.1.el6.x86_64)

RHSA-2013-0630: RHEL Server Optional Debuginfo (v.6 x86_64) (kernel-debuginfo-common-x86_64-2.6.32-358.2.1.el6.x86_64)

RHSA-2013-0630: RHEL Server Optional Debuginfo (v.6 x86_64) (kernel-debuginfo-2.6.32-358.2.1.el6.x86_64)

RHSA-2013-0630: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (kernel-firmware-2.6.32-358.2.1.el6.noarch)

RHSA-2013-0630: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (kernel-headers-2.6.32-358.2.1.el6.i686)

RHSA-2013-0630: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (kernel-2.6.32-358.2.1.el6.i686)

RHSA-2013-0630: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (kernel-doc-2.6.32-358.2.1.el6.noarch)

RHSA-2013-0630: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perf-2.6.32-358.2.1.el6.i686)

RHSA-2013-0630: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (kernel-devel-2.6.32-358.2.1.el6.i686)

RHSA-2013-0630: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (kernel-debug-devel-2.6.32-358.2.1.el6.i686)

RHSA-2013-0630: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (kernel-debug-2.6.32-358.2.1.el6.i686)

RHSA-2013-0630: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perf-2.6.32-358.2.1.el6.x86_64)

RHSA-2013-0630: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (kernel-headers-2.6.32-358.2.1.el6.x86_64)

RHSA-2013-0630: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (kernel-devel-2.6.32-358.2.1.el6.x86_64)

RHSA-2013-0630: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (kernel-debug-devel-2.6.32-358.2.1.el6.x86_64)

RHSA-2013-0630: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (kernel-debug-2.6.32-358.2.1.el6.x86_64)

RHSA-2013-0630: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (kernel-2.6.32-358.2.1.el6.x86_64)

RHSA-2013-0630: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (kernel-firmware-2.6.32-358.2.1.el6.noarch)

RHSA-2013-0630: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (kernel-doc-2.6.32-358.2.1.el6.noarch)

RHSA-2013-0630: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perf-2.6.32-358.2.1.el6.s390x)

RHSA-2013-0630: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (kernel-kdump-2.6.32-358.2.1.el6.s390x)

RHSA-2013-0630: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (kernel-headers-2.6.32-358.2.1.el6.s390x)

RHSA-2013-0630: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (kernel-devel-2.6.32-358.2.1.el6.s390x)

RHSA-2013-0630: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (kernel-debug-devel-2.6.32-358.2.1.el6.s390x)

RHSA-2013-0630: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (kernel-firmware-2.6.32-358.2.1.el6.noarch)

RHSA-2013-0630: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (kernel-kdump-devel-2.6.32-358.2.1.el6.s390x)

RHSA-2013-0630: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (kernel-debug-2.6.32-358.2.1.el6.s390x)

RHSA-2013-0630: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (kernel-2.6.32-358.2.1.el6.s390x)

RHSA-2013-0630: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (kernel-doc-2.6.32-358.2.1.el6.noarch)

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
Reference:
CVE-2013-0268
Description:
Linux Kernel 'MSR' Driver Local Privilege Escalation - The Exploit-DB Ref : 27297
Link:
http://www.exploit-db.com/exploits/27297
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Package	Installed Version	Required Version
kernel	2.6.32-358.0.1.el6.x86_64	2.6.32-358.2.1.el6
Severity Title Port/Service
3
Red Hat Update for OpenLDAP (RHSA-2011-0347)
 
QID:
119049
Category:
Local
CVE ID:
CVE-2011-1024 CVE-2011-1025 CVE-2011-1081
Vendor Reference
RHSA-2011-0347
Bugtraq ID:
-
Service Modified:
03/15/2011
User Modified:
-
Edited:
No
PCI Vuln:
Yes
CVSS Base:
6.8
CVSS Temporal:
5
THREAT:
OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools.

A flaw was found in the way OpenLDAP handled authentication failures being passed from an OpenLDAP slave to the master. If OpenLDAP was configured with a chain overlay and it forwarded authentication failures, OpenLDAP would bind to the directory as an anonymous user and return success, rather than return failure on the authenticated bind. This could allow a user on a system that uses LDAP for authentication to log into a directory-based account without knowing the password. (CVE-2011-1024)

It was found that the OpenLDAP back-ndb back end allowed successful authentication to the root distinguished name (DN) when any string was provided as a password. A remote user could use this flaw to access an OpenLDAP directory if they knew the value of the root DN. Note: This issue only affected OpenLDAP installations using the NDB back-end, which is only available for Red Hat Enterprise Linux 6 via third-party software. (CVE-2011-1025)

A flaw was found in the way OpenLDAP handled modify relative distinguished name (modrdn) requests. A remote, unauthenticated user could use this flaw to crash an OpenLDAP server via a modrdn request containing an empty old RDN value. (CVE-2011-1081)

Users of OpenLDAP should upgrade to these updated packages, which contain backported patches to resolve these issues. After installing this update, the OpenLDAP daemons will be restarted automatically.

IMPACT:
Exploitation could allow an attacker to gain unauthorized access.
SOLUTION:
Upgrade to the latest packages which contain a patch. These are available from the Red Hat Network.

Steps on using the Red Hat Network to apply packages are listed as follows:
For Red Hat Enterprise Linux Versions 2.1, 3, and 4, the interactive Update Agent can be launched with the "up2date" command.

For Red Hat Enterprise Linux Version 5, the graphical Update tool can be launched with the "pup" command.

To install packages using the command line interface, use the command "yum update".

Refer to Red Hat security advisory RHSA-2011-0347 to address this issue and obtain further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

RHSA-2011-0347: RHEL Server Debuginfo (v.6 for IBM System z) (openldap-debuginfo-2.4.19-15.el6_0.2.s390x)

RHSA-2011-0347: RHEL Server Debuginfo (v.6 for IBM System z) (openldap-debuginfo-2.4.19-15.el6_0.2.s390)

RHSA-2011-0347: RHEL Server Debuginfo (v.6 for x86) (openldap-debuginfo-2.4.19-15.el6_0.2.i686)

RHSA-2011-0347: RHEL Server Debuginfo (v.6 for x86_64) (openldap-debuginfo-2.4.19-15.el6_0.2.x86_64)

RHSA-2011-0347: RHEL Server Debuginfo (v.6 for x86_64) (openldap-debuginfo-2.4.19-15.el6_0.2.i686)

RHSA-2011-0347: RHEL Server Optional (v. 6 64-bit x86_64) (openldap-servers-sql-2.4.19-15.el6_0.2.x86_64)

RHSA-2011-0347: RHEL Server Optional (v. 6 IBM System z) (openldap-servers-sql-2.4.19-15.el6_0.2.s390x)

RHSA-2011-0347: RHEL Server Optional (v. 6 for 32-bit x86) (openldap-servers-sql-2.4.19-15.el6_0.2.i686)

RHSA-2011-0347: RHEL Server Optional Debuginfo (v.6 IBM System z) (openldap-debuginfo-2.4.19-15.el6_0.2.s390x)

RHSA-2011-0347: RHEL Server Optional Debuginfo (v.6 for x86) (openldap-debuginfo-2.4.19-15.el6_0.2.i686)

RHSA-2011-0347: RHEL Server Optional Debuginfo (v.6 x86_64) (openldap-debuginfo-2.4.19-15.el6_0.2.x86_64)

RHSA-2011-0347: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (openldap-servers-2.4.19-15.el6_0.2.i686)

RHSA-2011-0347: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (openldap-devel-2.4.19-15.el6_0.2.i686)

RHSA-2011-0347: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (openldap-clients-2.4.19-15.el6_0.2.i686)

RHSA-2011-0347: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (openldap-2.4.19-15.el6_0.2.i686)

RHSA-2011-0347: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (compat-openldap-2.4.19_2.3.43-15.el6_0.2.i686)

RHSA-2011-0347: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (openldap-servers-2.4.19-15.el6_0.2.x86_64)

RHSA-2011-0347: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (openldap-devel-2.4.19-15.el6_0.2.x86_64)

RHSA-2011-0347: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (openldap-clients-2.4.19-15.el6_0.2.x86_64)

RHSA-2011-0347: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (openldap-2.4.19-15.el6_0.2.x86_64)

RHSA-2011-0347: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (compat-openldap-2.4.19_2.3.43-15.el6_0.2.x86_64)

RHSA-2011-0347: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (openldap-devel-2.4.19-15.el6_0.2.i686)

RHSA-2011-0347: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (openldap-2.4.19-15.el6_0.2.i686)

RHSA-2011-0347: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (compat-openldap-2.4.19_2.3.43-15.el6_0.2.i686)

RHSA-2011-0347: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (openldap-servers-2.4.19-15.el6_0.2.s390x)

RHSA-2011-0347: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (openldap-devel-2.4.19-15.el6_0.2.s390x)

RHSA-2011-0347: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (openldap-clients-2.4.19-15.el6_0.2.s390x)

RHSA-2011-0347: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (openldap-2.4.19-15.el6_0.2.s390x)

RHSA-2011-0347: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (compat-openldap-2.4.19_2.3.43-15.el6_0.2.s390x)

RHSA-2011-0347: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (openldap-devel-2.4.19-15.el6_0.2.s390)

RHSA-2011-0347: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (openldap-2.4.19-15.el6_0.2.s390)

RHSA-2011-0347: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (compat-openldap-2.4.19_2.3.43-15.el6_0.2.s390)

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Package	Installed Version	Required Version
compat-openldap	2.3.43-2.el6.x86_64	2.4.19_2.3.43-15.el6_0.2
Severity Title Port/Service
3
Red Hat Update for Perl (RHSA-2011-1424)
 
QID:
119725
Category:
Local
CVE ID:
CVE-2011-2939 CVE-2011-3597
Vendor Reference
RHSA-2011-1424
Bugtraq ID:
-
Service Modified:
11/07/2011
User Modified:
-
Edited:
No
PCI Vuln:
Yes
CVSS Base:
7.5
CVSS Temporal:
5.5
THREAT:
Perl is a high-level programming language commonly used for system administration utilities and web programming.

A heap-based buffer overflow flaw was found in the way Perl decoded Unicode strings. An attacker could create a malicious Unicode string that, when decoded by a Perl program, would cause the program to crash or, potentially, execute arbitrary code with the permissions of the user running the program. (CVE-2011-2939)

It was found that the "new" constructor of the Digest module used its argument as part of the string expression passed to the eval() function. An attacker could possibly use this flaw to execute arbitrary Perl code with the privileges of a Perl program that uses untrusted input as an argument to the constructor. (CVE-2011-3597)

All Perl users should upgrade to these updated packages, which contain backported patches to correct these issues. All running Perl programs must be restarted for this update to take effect.

IMPACT:
Exploitation could result in arbitrary execution of code or result in a denial of service condition.
SOLUTION:
Upgrade to the latest packages which contain a patch. These are available from the Red Hat Network.

Steps on using the Red Hat Network to apply packages are listed as follows:
For Red Hat Enterprise Linux Versions 2.1, 3, and 4, the interactive Update Agent can be launched with the "up2date" command.

For Red Hat Enterprise Linux Version 5, the graphical Update tool can be launched with the "pup" command.

To install packages using the command line interface, use the command "yum update".

Refer to Red Hat security advisory RHSA-2011-1424 to address this issue and obtain further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

RHSA-2011-1424: RHEL Server Debuginfo (v.6 for IBM System z) (perl-debuginfo-5.10.1-119.el6_1.1.s390x)

RHSA-2011-1424: RHEL Server Debuginfo (v.6 for IBM System z) (perl-debuginfo-5.10.1-119.el6_1.1.s390)

RHSA-2011-1424: RHEL Server Debuginfo (v.6 for x86) (perl-debuginfo-5.10.1-119.el6_1.1.i686)

RHSA-2011-1424: RHEL Server Debuginfo (v.6 for x86_64) (perl-debuginfo-5.10.1-119.el6_1.1.x86_64)

RHSA-2011-1424: RHEL Server Debuginfo (v.6 for x86_64) (perl-debuginfo-5.10.1-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-version-0.77-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-suidperl-5.10.1-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-parent-0.221-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-libs-5.10.1-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-devel-5.10.1-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-core-5.10.1-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-Time-Piece-1.15-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-Time-HiRes-1.9721-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-Test-Simple-0.92-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-Test-Harness-3.17-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-Term-UI-0.20-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-Pod-Simple-3.13-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-Pod-Escapes-1.04-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-Parse-CPAN-Meta-1.40-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-Params-Check-0.26-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-Package-Constants-0.02-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-Object-Accessor-0.34-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-Module-Pluggable-3.90-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-Module-Loaded-0.02-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-Module-Load-Conditional-0.30-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-Module-Load-0.16-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-Module-CoreList-2.18-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-Module-Build-0.3500-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-Log-Message-Simple-0.04-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-Log-Message-0.02-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-Locale-Maketext-Simple-0.18-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-IPC-Cmd-0.56-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-IO-Zlib-1.09-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-IO-Compress-Zlib-2.020-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-IO-Compress-Base-2.020-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-File-Fetch-0.26-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-ExtUtils-ParseXS-2.2003.0-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-ExtUtils-MakeMaker-6.55-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-ExtUtils-Embed-1.28-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-ExtUtils-CBuilder-0.27-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-Digest-SHA-5.47-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-Compress-Zlib-2.020-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-Compress-Raw-Zlib-2.023-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-CPANPLUS-0.88-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-CPAN-1.9402-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-CGI-3.51-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-Archive-Tar-1.58-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-Archive-Extract-0.38-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-5.10.1-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-version-0.77-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-suidperl-5.10.1-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-parent-0.221-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-libs-5.10.1-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-devel-5.10.1-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-core-5.10.1-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-Time-Piece-1.15-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-Time-HiRes-1.9721-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-Test-Simple-0.92-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-Test-Harness-3.17-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-Term-UI-0.20-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-Pod-Simple-3.13-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-Pod-Escapes-1.04-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-Parse-CPAN-Meta-1.40-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-Params-Check-0.26-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-Package-Constants-0.02-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-Object-Accessor-0.34-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-Module-Pluggable-3.90-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-Module-Loaded-0.02-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-Module-Load-Conditional-0.30-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-Module-Load-0.16-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-Module-CoreList-2.18-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-Module-Build-0.3500-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-Log-Message-Simple-0.04-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-Log-Message-0.02-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-Locale-Maketext-Simple-0.18-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-IPC-Cmd-0.56-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-IO-Zlib-1.09-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-IO-Compress-Zlib-2.020-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-IO-Compress-Base-2.020-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-File-Fetch-0.26-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-ExtUtils-ParseXS-2.2003.0-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-ExtUtils-MakeMaker-6.55-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-ExtUtils-Embed-1.28-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-ExtUtils-CBuilder-0.27-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-Digest-SHA-5.47-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-Compress-Zlib-2.020-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-Compress-Raw-Zlib-2.023-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-CPANPLUS-0.88-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-CPAN-1.9402-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-CGI-3.51-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-Archive-Tar-1.58-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-Archive-Extract-0.38-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-5.10.1-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-libs-5.10.1-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-devel-5.10.1-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-version-0.77-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-suidperl-5.10.1-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-parent-0.221-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-libs-5.10.1-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-devel-5.10.1-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-core-5.10.1-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-Time-Piece-1.15-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-Time-HiRes-1.9721-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-Test-Simple-0.92-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-Test-Harness-3.17-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-Term-UI-0.20-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-Pod-Simple-3.13-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-Pod-Escapes-1.04-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-Parse-CPAN-Meta-1.40-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-Params-Check-0.26-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-Package-Constants-0.02-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-Object-Accessor-0.34-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-Module-Pluggable-3.90-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-Module-Loaded-0.02-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-Module-Load-Conditional-0.30-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-Module-Load-0.16-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-Module-CoreList-2.18-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-Module-Build-0.3500-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-Log-Message-Simple-0.04-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-Log-Message-0.02-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-Locale-Maketext-Simple-0.18-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-IPC-Cmd-0.56-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-IO-Zlib-1.09-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-IO-Compress-Zlib-2.020-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-IO-Compress-Base-2.020-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-File-Fetch-0.26-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-ExtUtils-ParseXS-2.2003.0-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-ExtUtils-MakeMaker-6.55-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-ExtUtils-Embed-1.28-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-ExtUtils-CBuilder-0.27-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-Digest-SHA-5.47-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-Compress-Zlib-2.020-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-Compress-Raw-Zlib-2.023-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-CPANPLUS-0.88-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-CPAN-1.9402-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-CGI-3.51-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-Archive-Tar-1.58-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-Archive-Extract-0.38-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-5.10.1-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-libs-5.10.1-119.el6_1.1.s390)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-devel-5.10.1-119.el6_1.1.s390)

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Package                 Installed Version     Required Version
perl-Compress-Raw-Zlib  2.020-129.el6.x86_64  2.023-119.el6_1.1
Expand Severity Title Port/Service
3
Remote Access or Management Service Detected
QID:
42017
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
10/17/2011
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
A remote access or remote management service was detected. If such a service is accessible to malicious users, it can be used to carry out different types of attacks. Malicious users could try to brute force credentials or collect additional information on the service that could help them craft further attacks.

The Results section includes information on the remote access service that was found on the target.

Services like Telnet, Rlogin, SSH, Windows Remote Desktop, pcAnywhere, Citrix Management Console, Remote Admin (RAdmin), VNC, OpenVPN and ISAKMP are checked.

IMPACT:
Consequences vary by the type of attack.
SOLUTION:
Expose the remote access or remote management services only to the system administrators or intended users of the system.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Service name: SSH on TCP port 22.
Expand Severity Title Port/Service
3
Unix Group List
QID:
105130
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/07/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
All Unix groups found at the host are listed in the result section. The following fields are provided in the order shown.

1) The group name. Group names are fairly arbitrary but it is a good idea to choose group names that express some idea about the function of the group.
2) The group's encrypted password. Group passwords encouraged poor security practices, so most modern Unix systems don't support them.
3) The group's unique numeric ID (GID).
4) All users in the group.

IMPACT:
Users can get elevated privileges if they are added to Unix groups.
SOLUTION:
Check to be sure that the information provided adheres to your security policy.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
No results available
Expand Severity Title Port/Service
3
User Home Directory With Non-Restrictive Permissions
QID:
105155
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/25/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The home directories of the users shown in the result section have non-restrictive permissions. Ideally, all home directories should have the following permissions:

Owner: read, write, execute
Group: read, execute
Other: (No Permission)

IMPACT:
Unauthorised users can have read, write or execute access.
SOLUTION:
Change the directory permissions by issuing the following command:
chmod -R 750 (directory name)
COMPLIANCE:
Type: CobIT
Section: DS5.4
Description: User Account Management Ensure that requesting, establishing, issuing, suspending, modifying and closing user accounts and related user privileges are addressed by user account management. An approval procedure outlining the data or system owner granting the access privileges should be included. These procedures should apply for all users, including administrators (privileged users), internal and external users, for normal and emergency cases. Rights and obligations relative to access to enterprise systems and information are contractually arranged for all types of users. Perform regular management review of all accounts and related privileges.

EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
drwxr-xr-x 2 root root 4096 May 7 2011 drivers
drwxr-xr-x 2 root root 4096 May 7 2011 images
drwxr-xr-x 6 root root 4096 May 7 2011 linux
drwxr-xr-x 4 root root 4096 May 7 2011 serveradministrator
Expand Severity Title Port/Service
3
RPC Portmapper Information
QID:
125001
Category:
Forensics
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
08/08/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The result section shows the information received by making an RPC call to the portmapper on the target host. It shows the list of all registered RPC programs.
IMPACT:
N/A
SOLUTION:
Check to be sure that the information reported adheres to your security policy.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
program vers proto port service
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 662 status
100024 1 tcp 662 status
100011 1 udp 875 rquotad
100011 2 udp 875 rquotad
100011 1 tcp 875 rquotad
100011 2 tcp 875 rquotad
100005 1 udp 892 mountd
100005 1 tcp 892 mountd
100005 2 udp 892 mountd
100005 2 tcp 892 mountd
100005 3 udp 892 mountd
100005 3 tcp 892 mountd
100003 2 tcp 2049 nfs
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs
100227 2 tcp 2049 nfs_acl
100227 3 tcp 2049 nfs_acl
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100003 4 udp 2049 nfs
100227 2 udp 2049 nfs_acl
100227 3 udp 2049 nfs_acl
100021 1 udp 32769 nlockmgr
100021 3 udp 32769 nlockmgr
100021 4 udp 32769 nlockmgr
100021 1 tcp 32803 nlockmgr
100021 3 tcp 32803 nlockmgr
100021 4 tcp 32803 nlockmgr
Expand Severity Title Port/Service
3
Network Filesystem (NFS) Exports Information
QID:
125002
Category:
Forensics
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
04/21/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
All filesystems being exported to remote users via NFS, as well as the access rights relating to those filesystems, are located in the /etc/exports file. This file is read by the "exportfs" command to give rpc.mountd and rpc.nfsd the information necessary to allow the remote mounting of a filesystem by an authorized host.

The /etc/exports file is the standard for controlling which filesystems are exported to which hosts, as well as specifying particular control options. Blank lines are ignored, comments can be made using #, and long lines can be wrapped with a backslash (\). Each exported filesystem should be on its own line. Lists of authorized hosts placed after an exported filesystem must be separated by space characters. Options for each of the hosts must be placed in parentheses directly after the host identifier, without any spaces separating the host and the first parenthesis.

Remote NFS clients can access the file systems exported depending on their access rights. The /etc/exports file is listed in the result section.

IMPACT:
N/A
SOLUTION:
Make sure that the exported file system and rights adhere to your security policy.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Export list for s191.schsr.unc.edu:
/mnt/nfs4/SAS 152.2.35.147,152.2.35.48,152.2.35.140,152.2.35.88
/mnt/nfs4 152.2.35.82


0


/mnt/nfs4 152.2.35.82(rw,fsid=0,insecure,no_subtree_check,sync,anonuid=65534,anongid=65534)
/mnt/nfs4/SAS 152.2.35.88(rw,fsid=0,insecure,no_subtree_check,sync,anonuid=65534,anongid=65534)
/mnt/nfs4/SAS 152.2.35.140(rw,fsid=0,insecure,no_subtree_check,sync,anonuid=65534,anongid=65534)
/mnt/nfs4/SAS 152.2.35.48(rw,fsid=0,insecure,no_subtree_check,sync,no_root_squash)
/mnt/nfs4/SAS 152.2.35.147(rw,fsid=0,insecure,no_subtree_check,sync,no_root_squash)
Expand Severity Title Port/Service
2
Operating System Detected
QID:
45017
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
02/09/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Several different techniques can be used to identify the operating system (OS) running on a host. A short description of these techniques is provided below. The specific technique used to identify the OS on this host is included in the RESULTS section of your report.

1) TCP/IP Fingerprint: The operating system of a host can be identified from a remote system using TCP/IP fingerprinting. All underlying operating system TCP/IP stacks have subtle differences that can be seen in their responses to specially-crafted TCP packets. According to the results of this "fingerprinting" technique, the OS version is among those listed below.

Note that if one or more of these subtle differences are modified by a firewall or a packet filtering device between the scanner and the host, the fingerprinting technique may fail. Consequently, the version of the OS may not be detected correctly. If the host is behind a proxy-type firewall, the version of the operating system detected may be that for the firewall instead of for the host being scanned.

2) NetBIOS: Short for Network Basic Input Output System, an application programming interface (API) that augments the DOS BIOS by adding special functions for local-area networks (LANs). Almost all LANs for PCs are based on the NetBIOS. Some LAN manufacturers have even extended it, adding additional network capabilities. NetBIOS relies on a message format called Server Message Block (SMB).

3) PHP Info: PHP is a hypertext pre-processor, an open-source, server-side, HTML-embedded scripting language used to create dynamic Web pages. Under some configurations it is possible to call PHP functions like phpinfo() and obtain operating system information.

4) SNMP: The Simple Network Management Protocol is used to monitor hosts, routers, and the networks to which they attach. The SNMP service maintains a Management Information Base (MIB), a set of variables (database) that can be fetched by Managers. These include "MIB_II.system.sysDescr" for the operating system.

IMPACT:
Not applicable.
SOLUTION:
Not applicable.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Operating System                                     Technique           ID
Red Hat Enterprise Linux Server 6.4                  Unix login
Ubuntu / Linux 2.6.x                                 TCP/IP Fingerprint  U4856:22
cpe:/o:redhat:red hat enterprise linux:6.4::server:  CPE
Expand Severity Title Port/Service
2
List of Java Related Packages
QID:
45096
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
10/08/2008
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
All Java-related packages installed on your system are listed.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
java-1.5.0-gcj-1.5.0.0-29.1.el6.x86_64
tzdata-java-2012j-2.el6.noarch
java_cup-0.10k-5.el6.x86_64
java-1.6.0-openjdk-1.6.0.0-1.57.1.11.9.el6_4.x86_64
Expand Severity Title Port/Service
2
Host Uptime Based on TCP TimeStamp Option
QID:
82063
Category:
TCP/IP
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/29/2007
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The TCP/IP stack on the host supports the TCP TimeStamp (kind 8) option. Typically the timestamp used is the host's uptime (since last reboot) in various units (e.g., one hundredth of second, one tenth of a second, etc.). Based on this, we can obtain the host's uptime. The result is given in the Result section below.

Some operating systems (e.g., MacOS, OpenBSD) use a non-zero, probably random, initial value for the timestamp. For these operating systems, the uptime obtained does not reflect the actual uptime of the host; the former is always larger than the latter.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Based on TCP timestamps obtained via port 22, the host's uptime is 12 days, 0 hours, and 20 minutes.
The TCP timestamps from the host are in units of 1 milliseconds.
Expand Severity Title Port/Service
2
Unix Users With root UserID
QID:
105139
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
09/22/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The result section displays UNIX users with a root UserID, that is, users with a UID of 0.
IMPACT:
Root privileges on a UNIX host permit a user complete control of the host's operating system, configuration, and services. Restricted use of this privilege is advised. Check to be sure the results adhere to your security policy.
SOLUTION:
Remove users that should not have root UserID according to your security policy.
COMPLIANCE:
Type: CobIT
Section: DS5.4
Description: User Account Management Ensure that requesting, establishing, issuing, suspending, modifying and closing user accounts and related user privileges are addressed by user account management. An approval procedure outlining the data or system owner granting the access privileges should be included. These procedures should apply for all users, including administrators (privileged users), internal and external users, for normal and emergency cases. Rights and obligations relative to access to enterprise systems and information are contractually arranged for all types of users. Perform regular management review of all accounts and related privileges.

EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
root
Expand Severity Title Port/Service
2
Unix Users With root GroupID
QID:
105140
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
09/22/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The result section displays UNIX users with a root GroupID, that is, users with a GID of 0.
IMPACT:
Root privileges on a UNIX host permit a user complete control of the host's operating system, configuration, and services. Restricted use of this privilege is advised. Check to be sure the results adhere to your security policy.
SOLUTION:
Remove users that should not have root GroupID according to your security policy.
COMPLIANCE:
Type: CobIT
Section: DS5.4
Description: User Account Management Ensure that requesting, establishing, issuing, suspending, modifying and closing user accounts and related user privileges are addressed by user account management. An approval procedure outlining the data or system owner granting the access privileges should be included. These procedures should apply for all users, including administrators (privileged users), internal and external users, for normal and emergency cases. Rights and obligations relative to access to enterprise systems and information are contractually arranged for all types of users. Perform regular management review of all accounts and related privileges.

EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
root
sync
shutdown
halt
operator
Expand Severity Title Port/Service
2
List of Home Directories Associated with UserIDs
QID:
105207
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
07/06/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
All users should have a default home directory assigned. The UserID and home directory associated with the userid are as follows.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
No results available
Expand Severity Title Port/Service
2
Shared Resource List.
QID:
105211
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
07/07/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The resources automatically shared over NFS are as follows.
IMPACT:
These resources are shared over NFS.
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
/mnt/nfs4 152.2.35.82(rw,fsid=0,insecure,no_subtree_check,sync,anonuid=65534,anongid=65534)
/mnt/nfs4/SAS 152.2.35.88(rw,fsid=0,insecure,no_subtree_check,sync,anonuid=65534,anongid=65534)
/mnt/nfs4/SAS 152.2.35.140(rw,fsid=0,insecure,no_subtree_check,sync,anonuid=65534,anongid=65534)
/mnt/nfs4/SAS 152.2.35.48(rw,fsid=0,insecure,no_subtree_check,sync,no_root_squash)
/mnt/nfs4/SAS 152.2.35.147(rw,fsid=0,insecure,no_subtree_check,sync,no_root_squash)
Expand Severity Title Port/Service
2
List of Valid Shells
QID:
105213
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
07/19/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
/etc/shells is a text file which contains the full pathnames of valid login shells. This detection gets the contents of /etc/shells file. More information can be found by "man shells" or "man getusershell".
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
/bin/sh
/bin/bash
/sbin/nologin
/bin/tcsh
/bin/csh
/bin/dash
Expand Severity Title Port/Service
2
SU Logging
QID:
105326
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
04/08/2008
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
SU logging should be enabled to monitor suspicious activity.
IMPACT:
N/A
SOLUTION:
For Solaris, modify the /etc/default/su file and set the "SULOG" parameter.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
No results available
Expand Severity Title Port/Service
2
root Should Be Specified in Block List for FTP Users
QID:
105328
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
04/25/2008
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
As a best practice, the root user should be present in the list of users blocked for File Transfer Protocol (FTP) access. A configuration file contains this list of local user names that the ftpd server does not allow remote FTP clients to use. The general name and location of this file is:

On Linux, Solaris and Mac - "/etc/ftpusers"
On HP-UX - "/etc/ftpd/ftpusers" or "/etc/ftpd/ftpaccess"

Note: On HP-UX, root permission is required to access the /etc/ftpd/ftpusers file.

This vulnerability check requires read permission on the above-mentioned configuration files. Without this permission, the detection may give false results.

IMPACT:
N/A
SOLUTION:
Add a root entry to the corresponding configuration file.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
File "/etc/ftpusers" not present or not accessible
Expand Severity Title Port/Service
1
DNS Host Name
QID:
6
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/01/1999
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The fully qualified domain name of this host, if it was obtained from a DNS server, is displayed in the RESULT section.
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
IP address    Host name
152.2.35.191  s191.schsr.unc.edu
Expand Severity Title Port/Service
1
Firewall Detected
QID:
34011
Category:
Firewall
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
10/16/2001
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
A packet filtering device protecting this IP was detected. This is likely to be a firewall or a router using access control lists (ACLs).
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Some of the ports filtered by the firewall are: 20, 21, 23, 25, 53, 80, 111, 135, 443, 445.

Listed below are the ports filtered by the firewall.
No response has been received when any of these ports is probed.
1-21,23-630,632-6128,6130-65535
Expand Severity Title Port/Service
1
Target Network Information
QID:
45004
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
08/15/2013
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The information shown in the Result section was returned by the network infrastructure responsible for routing traffic from our cloud platform to the target network (where the scanner appliance is located).

This information was returned from: 1) the WHOIS service, or 2) the infrastructure provided by the closest gateway server to our cloud platform. If your ISP is routing traffic, your ISP's gateway server returned this information.

IMPACT:
This information can be used by malicious users to gather more information about the network infrastructure that may help in launching attacks against it.
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
The network handle is: UNCCH-NET
Network description:
University of North Carolina at Chapel Hill
Expand Severity Title Port/Service
1
Internet Service Provider
QID:
45005
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
08/15/2013
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The information shown in the Result section was returned by the network infrastructure responsible for routing traffic from our cloud platform to the target network (where the scanner appliance is located).

This information was returned from: 1) the WHOIS service, or 2) the infrastructure provided by the closest gateway server to our cloud platform. If your ISP is routing traffic, your ISP's gateway server returned this information. This information was gathered using the WHOIS service for the network and is believed to be the ISP of the target network.

IMPACT:
This information can be used by malicious users to gather more information about the network infrastructure that may aid in launching further attacks against it.
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
The ISP network handle is: UNCCH-NET
ISP Network description:
University of North Carolina at Chapel Hill
Expand Severity Title Port/Service
1
Traceroute
QID:
45006
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/09/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Traceroute describes the path in realtime from the scanner to the remote host being contacted. It reports the IP addresses of all the routers in between.
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HopsIPRound Trip TimeProbe
1152.2.20.10.41msICMP
2152.19.253.10612.28msICMP
3152.19.255.171.04msICMP
4152.19.255.2101.48msICMP
5152.2.35.1910.85msICMP
Expand Severity Title Port/Service
1
Unix Server Information
QID:
45037
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
11/29/2004
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The following information was found about the Unix server:
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
UName             Linux s191.schsr.unc.edu 2.6.32-358.0.1.el6.x86_64 #1 SMP Wed Feb 20 11:05:23 EST 2013 x86_64 x86_64 x86_64 GNU/Linux
Operating system  Linux
Red Hat Release   Red Hat Enterprise Linux Server release 6.4 (Santiago)
Product           Red Hat Enterprise Linux Server
Version           6.4
Vendor            Red Hat
CPU               x86_64
Expand Severity Title Port/Service
1
Host Scan Time
QID:
45038
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
11/18/2004
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The Host Scan Time is the period of time it takes the scanning engine to perform the vulnerability assessment of a single target host. The Host Scan Time for this host is reported in the Result section below.

The Host Scan Time does not have a direct correlation to the Duration time as displayed in the Report Summary section of a scan results report. The Duration is the period of time it takes the service to perform a scan task. The Duration includes the time it takes the service to scan all hosts, which may involve parallel scanning. It also includes the time it takes for a scanner appliance to pick up the scan task and transfer the results back to the service's Secure Operating Center. Further, when a scan task is distributed across multiple scanners, the Duration includes the time it takes to perform parallel host scanning on all scanners.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Scan duration: 2335 seconds

Start time: Sat, Mar 23 2013, 14:15:48 GMT

End time: Sat, Mar 23 2013, 14:54:43 GMT
Expand Severity Title Port/Service
1
Host Names Found
QID:
45039
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
02/14/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The following host names were discovered for this computer using various methods such as DNS look up, NetBIOS query, and SQL server name query.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Host Name           Source
s191.schsr.unc.edu  FQDN
s191.schsr.unc.edu  System-configured
Expand Severity Title Port/Service
1
Contents of /etc/issue File
QID:
45046
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/04/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The /etc/issue file contains the login banner.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Red Hat Enterprise Linux Server release 6.4 (Santiago)
Kernel \r on an \m
Expand Severity Title Port/Service
1
Network File System (NFS) Statistics
QID:
45076
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/23/2008
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
NFS is a network file system protocol allowing a user on a client computer to access files over a network as if the network devices were attached to its local disks. NFS, like many other protocols, builds on the Open Network Computing Remote Procedure Call (ONC RPC) system. The Network File System protocol is specified in RFC 1094, RFC 1813, and RFC 3530 (which obsoletes RFC 3010).

The results section of this QID prints the NFS statistics.

IMPACT:
n/a
SOLUTION:
n/a
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
nfsstat -s

Server rpc stats:
calls      badcalls   badauth    badclnt    xdrcall
14004      0          0          0          0

Server nfs v4:
null         compound
0         0% 14004   100%

Server nfs v4 operations:
op0-unused   op1-unused   op2-future   access       close        commit
0         0% 0         0% 0         0% 3525     11% 0         0% 0         0%
create       delegpurge   delegreturn  getattr      getfh        link
0         0% 0         0% 0         0% 10456    34% 935       3% 0         0%
lock         lockt        locku        lookup       lookup_root  nverify
0         0% 0         0% 0         0% 935       3% 0         0% 0         0%
open         openattr     open_conf    open_dgrd    putfh        putpubfh
0         0% 0         0% 0         0% 0         0% 14004    46% 0         0%
putrootfh    read         readdir      readlink     remove       rename
0         0% 0         0% 23        0% 0         0% 0         0% 0         0%
renew        restorefh    savefh       secinfo      setattr      setcltid
0         0% 0         0% 0         0% 0         0% 0         0% 0         0%
setcltidconf verify       write        rellockowner bc_ctl       bind_conn
0         0% 0         0% 0         0% 0         0% 0         0% 0         0%
exchange_id  create_ses   destroy_ses  free_stateid getdirdeleg  getdevinfo
0         0% 0         0% 0         0% 0         0% 0         0% 0         0%
getdevlist   layoutcommit layoutget    layoutreturn secinfononam sequence
0         0% 0         0% 0         0% 0         0% 0         0% 0         0%
set_ssv      test_stateid want_deleg   destroy_clid reclaim_comp
0         0% 0         0% 0         0% 0         0% 0         0%
Severity:
1
Title:
Linux Kernel Version Running
QID:
45097
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/05/2009
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The Linux kernel version running on the system at the time of the scan is listed in the result section. This QID currently supports:

Red Hat Linux
Oracle Enterprise Linux
Suse
Fedora
Debian
Ubuntu
CentOS

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Running Kernel Version is: 2.6.32-358.0.1.el6.x86_64
Severity:
1
Title:
Installed Kernel rpm List for Red Hat and Oracle Enterprise Linux
QID:
45098
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/05/2009
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
List of Red Hat Linux or Oracle Enterprise Linux kernels installed on the system.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
kernel-2.6.32-358.0.1.el6.x86_64
kernel-2.6.32-358.2.1.el6.x86_64
dracut-kernel-004-303.el6.noarch
Severity:
1
Title:
Contents of rsyslog.conf File
QID:
45121
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/10/2011
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The rsyslog.conf file is the main configuration file for rsyslogd, which logs system messages on *nix systems. This file specifies rules for logging.

rsyslog.conf is backward compatible with sysklogd's syslog.conf file.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
# rsyslog v5 configuration file

# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html

#### MODULES ####

$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog # provides kernel logging support (previously done by rklogd)
#$ModLoad immark # provides --MARK-- message capability

# Provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514

# Provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514


#### GLOBAL DIRECTIVES ####

# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# File syncing capability is disabled by default. This feature is usually not required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on

# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf


#### RULES ####

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages

# The authpriv file has restricted access.
authpriv.* /var/log/secure

# Log all the mail messages in one place.
mail.* -/var/log/maillog


# Log cron stuff
cron.* /var/log/cron

# Everybody gets emergency messages
*.emerg *

# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler

# Save boot messages also to boot.log
local7.* /var/log/boot.log


# ### begin forwarding rule ###
# The statement between the begin ... end define a SINGLE forwarding
# rule. They belong together, do NOT split them. If you create multiple
# forwarding rules, duplicate the whole block!
# Remote Logging (we use TCP for reliable delivery)
#
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
#$WorkDirectory /var/lib/rsyslog # where to place spool files
#$ActionQueueFileName fwdRule1 # unique name prefix for spool files
#$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
#$ActionQueueType LinkedList # run asynchronously
#$ActionResumeRetryCount -1 # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
#*.* @@remote-host:514
# ### end of the forwarding rule ###
Severity:
1
Title:
"daemon.notice" Entry Missing in rsyslog.conf file
QID:
45122
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/10/2011
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The rsyslog.conf file specifies rules for logging. The file contains information used by rsyslogd to forward a system message to the appropriate log files and/or users. An entry of the form:

daemon.notice [Tab] <path to logfile>

ensures that all conditions involving daemons (such as ftpd) that are not error conditions are logged in the specified log file.

This entry was found to be missing from the rsyslog.conf file on the target.

IMPACT:
N/A
SOLUTION:
Ensure that the absence of the daemon.notice entry is in compliance with your organization's security policy.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog # provides kernel logging support (previously done by rklogd)





$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat


$IncludeConfig /etc/rsyslog.d/*.conf




*.info;mail.none;authpriv.none;cron.none /var/log/messages

authpriv.* /var/log/secure

mail.* -/var/log/maillog


cron.* /var/log/cron

*.emerg *

uucp,news.crit /var/log/spooler

local7.* /var/log/boot.log
Severity:
1
Title:
Java Version Detected
QID:
45125
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/27/2011
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
An instance of Java was detected on the target *NIX host.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
java -version

java version "1.6.0_24"
OpenJDK Runtime Environment (IcedTea6 1.11.9) (rhel-1.57.1.11.9.el6_4-x86_64)
OpenJDK 64-Bit Server VM (build 20.0-b12, mixed mode)
Severity:
1
Title:
Python Installed on Host
QID:
45127
Category:
Information gathering
CVE ID:
-
Vendor Reference
Python
Bugtraq ID:
-
Service Modified:
07/26/2011
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Python is installed on the target host. Python is a powerful dynamic programming language that is used in a wide variety of application domains. Python is available for all major operating systems including Windows, Linux/Unix, OS/2 etc.

Note: For Windows Systems
To get the exact version of Python installed on the target, look for the string that follows '#define PY_VERSION' in the result section. A target can have more than one version of Python installed.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
2.6.6 (r266:84292, Oct 12 2012, 14:23:48)
[GCC 4.4.6 20120305 (Red Hat 4.4.6-4)]
Severity:
1
Title:
Java Runtime Environment 1.6 Installed
QID:
45140
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
10/31/2011
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Java Runtime Environment 1.6 is installed on the target machine.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Java Runtime Environment 1.6 installed
Severity:
1
Title:
Installed Packages on Unix and Linux Operating Systems
QID:
45141
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/18/2012
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
This QID lists installed rpm packages or operating system vendor specific packages on the target Unix/Linux system.

Supported Unix or Linux Operating Systems:
RedHat Linux
CentOS
Suse
Fedora
Oracle Enterprise Linux
Debian
Ubuntu
IBM AIX
Solaris
Mac OS X

NOTE: If the system has more than 200 packages, this QID lists only the first 200 packages.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Severity:
1
Title:
Ruby Installed on Host
QID:
45185
Category:
Information gathering
CVE ID:
-
Vendor Reference
Ruby
Bugtraq ID:
-
Service Modified:
01/16/2013
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Ruby is a programming language.

Ruby is installed on target host.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
ruby 1.8.7 (2011-06-30 patchlevel 352) [x86_64-linux]
Severity:
1
Title:
Internet Protocol version 6 (IPv6) Enabled on Target Host
QID:
45193
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/23/2013
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Internet Protocol version 6 (IPv6) is the latest revision of the Internet Protocol (IP), the communications protocol that routes traffic across the Internet. It is intended to replace IPv4, which still carries the vast majority of Internet traffic as of 2013.

This QID uses the registry key mentioned in Microsoft KB929852 to determine if IPv6 is enabled.

The detection works in the following way:
1) For Windows 2000, XP, 2003:
-- It checks for the existence of the key "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters"
2) For Windows Vista or 2008 or Windows 7 or Windows 8 or Windows Server 2012 and Windows RT:
-- It checks the value of "DisabledComponents" for the key "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters"
Note: This check makes use of Windows Management Instrumentation (WMI) to list IPv6 addresses on the target.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
inet6 addr: fe80::62eb:69ff:fe8f:41b4/64 Scope:Link
inet6 addr: fe80::62eb:69ff:fe8f:41b5/64 Scope:Link
inet6 addr: ::1/128 Scope:Host
Severity:
1
Title:
Open TCP Services List
QID:
82023
Category:
TCP/IP
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
06/15/2009
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The port scanner enables unauthorized users with the appropriate tools to draw a map of all services on this host that can be accessed from the Internet. The test was carried out with a "stealth" port scanner so that the server does not log real connections.

The Results section displays the port number (Port), the default service listening on the port (IANA Assigned Ports/Services), the description of the service (Description) and the service that the scanner detected using service discovery (Service Detected).

IMPACT:
Unauthorized users can exploit this information to test vulnerabilities in each of the open services.
SOLUTION:
Shut down any unknown or unused service on the list. If you have difficulty figuring out which service is provided by which process or program, contact your provider's support team. For more information about commercial and open-source Intrusion Detection Systems available for detecting port scanners of this kind, visit the CERT Web site.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Port | IANA Assigned Ports/Services | Description | Service Detected | OS On Redirected Port
22 | ssh | SSH Remote Login Protocol | ssh |
Severity:
1
Title:
ICMP Replies Received
QID:
82040
Category:
TCP/IP
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/16/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
ICMP (Internet Control and Error Message Protocol) is a protocol encapsulated in IP packets. ICMP's principal purpose is to provide a protocol layer that informs gateways of the inter-connectivity and accessibility of other gateways or hosts.

We have sent the following types of packets to trigger the host to send us ICMP replies:

Echo Request (to trigger Echo Reply)
Timestamp Request (to trigger Timestamp Reply)
Address Mask Request (to trigger Address Mask Reply)
UDP Packet (to trigger Port Unreachable Reply)
IP Packet with Protocol >= 250 (to trigger Protocol Unreachable Reply)

Listed in the "Result" section are the ICMP replies that we have received.

SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
ICMP Reply Type | Triggered By | Additional Information
Unreachable (type=3 code=10) | (Various) | Destination Host Prohibited
Echo (type=0 code=0) | Echo Request | Echo Reply
Time Stamp (type=14 code=0) | Time Stamp Request | 11:15:05 GMT
Severity:
1
Title:
Degree of Randomness of TCP Initial Sequence Numbers
QID:
82045
Category:
TCP/IP
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
11/19/2004
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
TCP Initial Sequence Numbers (ISNs) obtained in the SYNACK replies from the host are analyzed to determine how random they are. The average change between subsequent ISNs and the standard deviation from the average are displayed in the RESULT section. Also included is the degree of difficulty for exploitation of the TCP ISN generation scheme used by the host.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Average change between subsequent TCP initial sequence numbers is 1158848351 with a standard deviation of 566898832. These TCP initial sequence numbers were triggered by TCP SYN probes sent to the host at an average rate of 1/(7119 microseconds). The degree of difficulty to exploit the TCP initial sequence number generation scheme is: hard.
Severity:
1
Title:
IP ID Values Randomness
QID:
82046
Category:
TCP/IP
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
07/27/2006
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The values for the identification (ID) field in IP headers in IP packets from the host are analyzed to determine how random they are. The changes between subsequent ID values for either the network byte ordering or the host byte ordering, whichever is smaller, are displayed in the RESULT section along with the duration taken to send the probes. When incremental values are used, as is the case for TCP/IP implementation in many operating systems, these changes reflect the network load of the host at the time this test was conducted.

Please note that for reliability reasons only the network traffic from open TCP ports is analyzed.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
IP ID changes observed (network order) for port 22: 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
Duration: 36 milli seconds
Severity:
1
Title:
Unix User List
QID:
105085
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/12/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The report section catalogs users found on the host system.
IMPACT:
Make sure that the user list adheres to your security policy, so it's not possible for unauthorized users to launch attacks from the host.
SOLUTION:
Remove or modify users to comply with your security policy.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Severity:
1
Title:
"At" Command Configuration
QID:
105143
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/22/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The "At" command allows users to run executables on the system at arbitrary future times. Depending on site policy, this could be considered as a security threat.

The superuser may use these commands in any case. For other users, permission to use the "at" command is determined by the files /etc/at.allow and /etc/at.deny.

If the file /etc/at.allow exists, only usernames mentioned in the file are allowed to use the "at" command. If /etc/at.allow does not exist, /etc/at.deny is checked, and every username not mentioned in it is then allowed to use the "at" command. If neither file exists, only the superuser is allowed use of the "at" command. An empty /etc/at.deny means that all users are allowed access. This is the default configuration.

Note: The Results section is formatted in the following way: It first lists the "ls -la" permissions of any /etc/at.allow or /etc/at.deny files on the target. If present, the contents of the files are "cat"ed (at.deny is typically empty, so it will show up as white space). If the "ls -la" line and the contents of the corresponding file are not shown, it means the file does not exist on the target.

IMPACT:
N/A
SOLUTION:
Please check the configuration to ensure only authorized users of the system have access to the "at" command.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
-rw-r--r-- 1 root root 1 Jan 19 2012 /etc/at.deny
Expand Severity Title Port/Service
1
Linux - Network Parameter - tcp_max_syn_backlog Value
QID:
105301
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/01/2006
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The value specifies the maximum number of remembered connection requests which have not yet received an acknowledgment from the connecting client.
IMPACT:
N/A
SOLUTION:
The Center for Internet Security recommends that the value be set to 4096.

This value can be enabled in Linux by editing the /etc/sysctl.conf to reflect the following:
net.ipv4.tcp_max_syn_backlog = 4096

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
2048
Expand Severity Title Port/Service
1
Linux - Network Parameter - rp_filter Value
QID:
105302
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/11/2006
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The rp_filter can reject incoming packets if their source address doesn't match the network interface that they're arriving on.

The conf/all/rp_filter value is boolean:

0 - No source validation.

1 - Do source validation.

IMPACT:
If source validation is enabled this helps to prevent IP spoofing.
SOLUTION:
The Center for Internet Security recommends that the value be set to 1.

This value can be enabled in Linux by editing the /etc/sysctl.conf to reflect the following:
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
/proc/sys/net/ipv4/conf/all/rp_filter:0
Expand Severity Title Port/Service
1
Linux - Network Parameter - accept_source_route Value
QID:
105303
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/11/2006
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The accept_source_route value specifies how to handle packets with the SSR option set.

The conf/all/accept_source_route value is boolean:

0 - Do not accept packets

1 - Accept packets

IMPACT:
N/A
SOLUTION:
The Center for Internet Security recommends that the value be set to 0.

This value can be enabled in Linux by editing the /etc/sysctl.conf to reflect the following:
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
No results available
Expand Severity Title Port/Service
1
Linux - Network Parameter - accept_redirects Value
QID:
105304
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/11/2006
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The accept_redirects variable specifies if the system should accept ICMP redirect messages.

The conf/all/accept_redirects value is boolean:

0 - Do not accept ICMP redirect messages.

1 - Accept ICMP redirect messages.

IMPACT:
N/A
SOLUTION:
The Center for Internet Security recommends that the value be set to 0.

This value can be enabled in Linux by editing the /etc/sysctl.conf to reflect the following:
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
/proc/sys/net/ipv4/conf/all/accept_redirects:1
/proc/sys/net/ipv4/conf/default/accept_redirects:1
/proc/sys/net/ipv4/conf/eth0/accept_redirects:1
/proc/sys/net/ipv4/conf/eth1/accept_redirects:1
Expand Severity Title Port/Service
1
Linux - Network Parameter - secure_redirects Value
QID:
105306
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/11/2006
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The secure_redirects variable specifies if the system should accept ICMP redirect messages from any host, anywhere.

The conf/all/secure_redirects value is boolean:

0 - Accept ICMP redirect messages from any host.

1 - Accept ICMP redirect messages from gateways listed in default gateway list.

IMPACT:
N/A
SOLUTION:
The Center for Internet Security recommends that the value be set to 0.

This value can be enabled in Linux by editing the /etc/sysctl.conf to reflect the following:
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
/proc/sys/net/ipv4/conf/all/secure_redirects:1
/proc/sys/net/ipv4/conf/default/secure_redirects:1
/proc/sys/net/ipv4/conf/eth0/secure_redirects:1
/proc/sys/net/ipv4/conf/eth1/secure_redirects:1
Expand Severity Title Port/Service
1
Unix Environment Variables
QID:
115041
Category:
Local
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/10/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The result section shows environment variables on the target machine.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HOSTNAME=s191.schsr.unc.edu
TERM=vt100
SHELL=/bin/bash
HISTSIZE=1000
SSH_CLIENT=152.2.20.88 59183 22
QTDIR=/usr/lib64/qt-3.3
QTINC=/usr/lib64/qt-3.3/include
SSH_TTY=/dev/pts/0
USER=monitor
LS_COLORS=rs=0:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=01;05;37;41:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arj=01;31:*.taz=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.dz=01;31:*.gz=01;31:*.lz=01;31:*.xz=01;31:*.bz2=01;31:*.tbz=01;31:*.tbz2=01;31:*.bz=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.rar=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.jpg=01;35:*.jpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.axv=01;35:*.anx=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=01;36:*.au=01;36:*.flac=01;36:*.mid=01;36:*.midi=01;36:*.mka=01;36:*.mp3=01;36:*.mpc=01;36:*.ogg=01;36:*.ra=01;36:*.wav=01;36:*.axa=01;36:*.oga=01;36:*.spx=01;36:*.xspf=01;36:di=01;35:
MAIL=/var/spool/mail/monitor
PATH=/usr/lib64/qt-3.3/bin:/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin:/mnt/files/users/monitor/bin
PWD=/mnt/files/users/monitor
LANG=en_US.UTF-8
SSH_ASKPASS=/usr/libexec/openssh/gnome-ssh-askpass
HISTCONTROL=ignoredups
SHLVL=1
HOME=/mnt/files/users/monitor
ORIG_PATH=/usr/lib64/qt-3.3/bin:/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin:/mnt/files/users/monitor/bin
LOGNAME=monitor
QTLIB=/usr/lib64/qt-3.3/lib
CVS_RSH=ssh
SSH_CONNECTION=152.2.20.88 59183 152.2.35.191 22
LESSOPEN=|/usr/bin/lesspipe.sh %s
G_BROKEN_FILENAMES=1
_=/usr/bin/env
Expand Severity Title Port/Service
1
File System Information
QID:
115044
Category:
Local
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/10/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The result section lists file systems currently supported by the target host.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
nodev sysfs
nodev rootfs
nodev bdev
nodev proc
nodev cgroup
nodev cpuset
nodev tmpfs
nodev devtmpfs
nodev binfmt_misc
nodev debugfs
nodev securityfs
nodev sockfs
nodev usbfs
nodev pipefs
nodev anon_inodefs
nodev inotifyfs
nodev devpts
nodev ramfs
nodev hugetlbfs
iso9660
nodev pstore
nodev mqueue
ext3
xfs
nodev rpc_pipefs
nodev autofs
nodev nfsd
Expand Severity Title Port/Service
1
Hard Drive Device Information
QID:
115045
Category:
Local
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/10/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The results section displays the target system's current hard drives.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
#
# /etc/fstab
# Created by anaconda on Sat May 7 13:13:37 2011
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/VolGroup_ID_20693-LogVol1 / ext3 defaults 1 1
UUID=377ecf8c-580a-4c93-b586-70cc5b6f9e89 /boot ext3 defaults 1 2
/dev/mapper/VolGroup_ID_20693-LogVol2 /tmp ext3 defaults 1 2
/dev/mapper/VolGroup_ID_20693-LogVol5 /usr ext3 defaults 1 2
/dev/mapper/VolGroup_ID_20693-LogVol4 /var ext3 defaults 1 2
/dev/mapper/VolGroup_ID_20693-LogVol0 swap swap defaults 0 0
tmpfs /dev/shm tmpfs defaults 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0
sysfs /sys sysfs defaults 0 0
proc /proc proc defaults 0 0
/dev/VolGroup_ID_20693/LogVolHome /home ext3 defaults 1 2
/dev/sdb1 /mnt/nfs4 xfs defaults 0 0
/dev/sdc1 /mnt/backup-sheps xfs defaults 0 0
Expand Severity Title Port/Service
1
Disk Usage Information
QID:
115046
Category:
Local
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/10/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The result section shows the amount of free space left on currently mounted drives.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/mapper/VolGroup_ID_20693-LogVol1
3031760 610008 2267744 22% /
tmpfs 8157764 0 8157764 0% /dev/shm
/dev/sda2 198337 56689 131408 31% /boot
/dev/mapper/VolGroup_ID_20693-LogVol2
516040 16820 473008 4% /tmp
/dev/mapper/VolGroup_ID_20693-LogVol5
46638048 2576680 41692244 6% /usr
/dev/mapper/VolGroup_ID_20693-LogVol4
57411860 3971640 50523868 8% /var
/dev/mapper/VolGroup_ID_20693-LogVolHome
24351124 433676 22680456 2% /home
/dev/sdb1 3904036356 910526604 2993509752 24% /mnt/nfs4
/dev/sdc1 15621693440 7971293668 7650399772 52% /mnt/backup-sheps
Expand Severity Title Port/Service
1
Processor Information for Unix Target
QID:
115048
Category:
Local
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
11/02/2006
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The result section displays the processor information of the Unix based host system.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
No results available
Expand Severity Title Port/Service
1
Memory Information
QID:
115049
Category:
Local
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/22/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The results section shows the total amount of free and used physical memory and swap space on the host system in megabytes. It also shows buffers and cache consumed by the kernel.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
total used free shared buffers cached
Mem: 15933 12012 3920 0 59 2611
-/+ buffers/cache: 9341 6591
Swap: 8191 0 8191
Total: 24125 12012 12112
Expand Severity Title Port/Service
1
cron.allow File Does Not Exist
QID:
115065
Category:
Local
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
06/23/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The "cron.allow" file was not found on this system.

The cron daemon runs shell commands at specified dates and times. It is executed upon system initialization and remains active while the system is operating in multi-user mode.

When the crontab command is invoked, it examines the files "cron.deny" and "cron.allow" in the system's cron directory to grant or revoke the modification of the crontab spool file. If a username appears in the "cron.allow" file, the crontab command may be executed. If that file does not exist and the user's name does not appear in the "cron.deny" file, then cron can be used.

IMPACT:
cron can potentially be invoked by users for whom it is not intended.
SOLUTION:
Check to be sure that the absence of the "cron.allow" file is in compliance with your organization's security policy.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
No results available
Expand Severity Title Port/Service
1
daemon.notice Entry Missing in syslog.conf
QID:
115068
Category:
Local
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
07/19/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The file /etc/syslog.conf contains information used by the system log daemon (syslogd) to forward a system message to appropriate log files and/or users. An entry of the form:

daemon.notice[Tab]logfile

ensures that all conditions involving daemons (such as ftpd) that are not error conditions are logged in a logfile. This entry was found to be missing from the syslog.conf file.

IMPACT:
N/A
SOLUTION:
Ensure that the absence of the daemon.notice entry is in compliance with your organization's security policy.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
grep: /etc/syslog.conf: No such file or directory
Expand Severity Title Port/Service
1
Kernel Routing Tables Information
QID:
125000
Category:
Forensics
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
02/22/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The result section displays the kernel routing tables for the target host.
IMPACT:
N/A
SOLUTION:
Check to be sure that the information reported adheres to your security policy.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
152.2.35.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
0.0.0.0 152.2.35.1 0.0.0.0 UG 0 0 0 eth0
Expand Severity Title Port/Service
1
Host File Information
QID:
125004
Category:
Forensics
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
08/08/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The /etc/hosts file is a local database that associates the names of hosts with their Internet Protocol (IP) addresses. The hosts file can be used in conjunction with, or instead of, other hosts databases including the Domain Name System (DNS), the NIS hosts map, and the NIS+ hosts table. Programs use library interfaces to access information in the hosts file.
IMPACT:
The /etc/hosts file can be tampered with in such a way that a hostname is translated into a malicious IP.
SOLUTION:
Make sure that the configuration reported adheres to your security policy.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
127.0.0.1 localhost.localdomain localhost
::1 s191.schsr.unc.edu s191 localhost6.localdomain6 localhost6
152.2.35.103 puppet
152.2.35.99 datasets
152.2.35.82 cecil
152.2.35.88 sas_intrnet
152.2.35.208 web1dev
152.2.35.211 crc crcseniors
Expand Severity Title Port/Service
1
SSH daemon information retrieving port 22/tcp
QID:
38047
Category:
General remote services
CVE ID:
CVE-1999-0634
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
04/21/2009
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
SSH is a secure protocol, provided it is fully patched, properly configured, and uses FIPS approved algorithms.


For Red Hat ES 4:-

SSH1 supported					yes

Supported authentication methods for SSH1	RSA,password

Supported ciphers for SSH1			3des,blowfish

SSH2 supported					yes

Supported keys exchange algorithm for SSH2	diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

Supported decryption ciphers for SSH2		aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr

Supported encryption ciphers for SSH2		aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr

Supported decryption mac for SSH2		hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

Supported encryption mac for SSH2		hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

Supported authentication methods for SSH2	publickey,gssapi-with-mic,password

IMPACT:
Successful exploitation allows an attacker to execute arbitrary commands on the SSH server or otherwise subvert an encrypted SSH channel with arbitrary data.
SOLUTION:
SSH version 2 is preferred over SSH version 1.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
SSH1 supported: no
SSH2 supported: yes
Supported keys exchange algorithm for SSH2: diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1
Supported decryption ciphers for SSH2: aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se
Supported encryption ciphers for SSH2: aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se
Supported decryption mac for SSH2: hmac-md5, hmac-sha1, umac-64@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-sha1-96, hmac-md5-96
Supported encryption mac for SSH2: hmac-md5, hmac-sha1, umac-64@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-sha1-96, hmac-md5-96
Supported authentication methods for SSH2: password, publickey
Expand Severity Title Port/Service
1
SSH Banner port 22/tcp
QID:
38050
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
02/04/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
SSH-2.0-OpenSSH_5.3
Expand Severity Title Port/Service
1
Unix Authentication Method port 22/tcp
QID:
38307
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
09/06/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Unix authentication was performed. The Result section in your detailed results displays the authentication method that was used for this host.

Unix authentication is used to obtain remote access to different command line services such as SSH, telnet and rlogin. Specified credentials must include a user name and may include a password, an RSA private key and/or a DSA private key. When authenticating to target hosts that support SSH2, authentication is attempted in the following order: 1) RSA key, 2) DSA key and 3) user name and password. For target hosts that only support SSH1, only the supplied user name and password are used for authentication.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
User Name: monitor
Authentication Scheme: DSA Key
Protocol: SSH Version 2
Discovery Method: Login credentials provided by user
Using sudo: No
Authentication Record: DSA Authentication
Expand Severity Title Port/Service
4
Red Hat Update for Kernel (RHSA-2013-0630)
 
QID:
121017
Category:
Local
CVE ID:
CVE-2013-0228 CVE-2013-0268
Vendor Reference
RHSA-2013-0630
Bugtraq ID:
-
Service Modified:
03/14/2013
User Modified:
-
Edited:
No
PCI Vuln:
Yes
CVSS Base:
6.2
CVSS Temporal:
4.9
THREAT:
The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues:

* A flaw was found in the way the xen_iret() function in the Linux kernel used the DS (the CPU's Data Segment) register. A local, unprivileged user in a 32-bit, para-virtualized Xen hypervisor guest could use this flaw to crash the guest or, potentially, escalate their privileges. (CVE-2013-0228, Important)

* A flaw was found in the way file permission checks for the "/dev/cpu/[x]/msr" files were performed in restricted root environments (for example, when using a capability-based security model). A local user with the ability to write to these files could use this flaw to escalate their privileges to kernel level, for example, by writing to the SYSENTER_EIP_MSR register. (CVE-2013-0268, Important)

Users should upgrade to these updated packages, which contain backported patches to correct these issues, and fix the bugs noted in the Technical Notes. The system must be rebooted for this update to take effect.

IMPACT:
This vulnerability could be exploited to gain complete access to sensitive information. Malicious users could also use this vulnerability to change all the contents or configuration on the system.
SOLUTION:
Upgrade to the latest packages which contain a patch. These are available from the Red Hat Network.

To install packages using the command line interface, use the command "yum update".

Refer to Red Hat security advisory RHSA-2013-0630 to address this issue and obtain further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

RHSA-2013-0630: RHEL Server Debuginfo (v.6 for IBM System z) (perf-debuginfo-2.6.32-358.2.1.el6.s390x)

RHSA-2013-0630: RHEL Server Debuginfo (v.6 for IBM System z) (kernel-kdump-debuginfo-2.6.32-358.2.1.el6.s390x)

RHSA-2013-0630: RHEL Server Debuginfo (v.6 for IBM System z) (kernel-debuginfo-common-s390x-2.6.32-358.2.1.el6.s390x)

RHSA-2013-0630: RHEL Server Debuginfo (v.6 for IBM System z) (kernel-debuginfo-2.6.32-358.2.1.el6.s390x)

RHSA-2013-0630: RHEL Server Debuginfo (v.6 for IBM System z) (python-perf-debuginfo-2.6.32-358.2.1.el6.s390x)

RHSA-2013-0630: RHEL Server Debuginfo (v.6 for IBM System z) (kernel-debug-debuginfo-2.6.32-358.2.1.el6.s390x)

RHSA-2013-0630: RHEL Server Debuginfo (v.6 for x86) (python-perf-debuginfo-2.6.32-358.2.1.el6.i686)

RHSA-2013-0630: RHEL Server Debuginfo (v.6 for x86) (perf-debuginfo-2.6.32-358.2.1.el6.i686)

RHSA-2013-0630: RHEL Server Debuginfo (v.6 for x86) (kernel-debuginfo-common-i686-2.6.32-358.2.1.el6.i686)

RHSA-2013-0630: RHEL Server Debuginfo (v.6 for x86) (kernel-debuginfo-2.6.32-358.2.1.el6.i686)

RHSA-2013-0630: RHEL Server Debuginfo (v.6 for x86) (kernel-debug-debuginfo-2.6.32-358.2.1.el6.i686)

RHSA-2013-0630: RHEL Server Debuginfo (v.6 for x86_64) (perf-debuginfo-2.6.32-358.2.1.el6.x86_64)

RHSA-2013-0630: RHEL Server Debuginfo (v.6 for x86_64) (python-perf-debuginfo-2.6.32-358.2.1.el6.x86_64)

RHSA-2013-0630: RHEL Server Debuginfo (v.6 for x86_64) (kernel-debug-debuginfo-2.6.32-358.2.1.el6.x86_64)

RHSA-2013-0630: RHEL Server Debuginfo (v.6 for x86_64) (kernel-debuginfo-common-x86_64-2.6.32-358.2.1.el6.x86_64)

RHSA-2013-0630: RHEL Server Debuginfo (v.6 for x86_64) (kernel-debuginfo-2.6.32-358.2.1.el6.x86_64)

RHSA-2013-0630: RHEL Server Optional (v. 6 64-bit x86_64) (python-perf-2.6.32-358.2.1.el6.x86_64)

RHSA-2013-0630: RHEL Server Optional (v. 6 IBM System z) (python-perf-2.6.32-358.2.1.el6.s390x)

RHSA-2013-0630: RHEL Server Optional (v. 6 for 32-bit x86) (python-perf-2.6.32-358.2.1.el6.i686)

RHSA-2013-0630: RHEL Server Optional Debuginfo (v.6 IBM System z) (perf-debuginfo-2.6.32-358.2.1.el6.s390x)

RHSA-2013-0630: RHEL Server Optional Debuginfo (v.6 IBM System z) (kernel-kdump-debuginfo-2.6.32-358.2.1.el6.s390x)

RHSA-2013-0630: RHEL Server Optional Debuginfo (v.6 IBM System z) (kernel-debuginfo-common-s390x-2.6.32-358.2.1.el6.s390x)

RHSA-2013-0630: RHEL Server Optional Debuginfo (v.6 IBM System z) (kernel-debuginfo-2.6.32-358.2.1.el6.s390x)

RHSA-2013-0630: RHEL Server Optional Debuginfo (v.6 IBM System z) (python-perf-debuginfo-2.6.32-358.2.1.el6.s390x)

RHSA-2013-0630: RHEL Server Optional Debuginfo (v.6 IBM System z) (kernel-debug-debuginfo-2.6.32-358.2.1.el6.s390x)

RHSA-2013-0630: RHEL Server Optional Debuginfo (v.6 for x86) (python-perf-debuginfo-2.6.32-358.2.1.el6.i686)

RHSA-2013-0630: RHEL Server Optional Debuginfo (v.6 for x86) (perf-debuginfo-2.6.32-358.2.1.el6.i686)

RHSA-2013-0630: RHEL Server Optional Debuginfo (v.6 for x86) (kernel-debuginfo-common-i686-2.6.32-358.2.1.el6.i686)

RHSA-2013-0630: RHEL Server Optional Debuginfo (v.6 for x86) (kernel-debuginfo-2.6.32-358.2.1.el6.i686)

RHSA-2013-0630: RHEL Server Optional Debuginfo (v.6 for x86) (kernel-debug-debuginfo-2.6.32-358.2.1.el6.i686)

RHSA-2013-0630: RHEL Server Optional Debuginfo (v.6 x86_64) (perf-debuginfo-2.6.32-358.2.1.el6.x86_64)

RHSA-2013-0630: RHEL Server Optional Debuginfo (v.6 x86_64) (python-perf-debuginfo-2.6.32-358.2.1.el6.x86_64)

RHSA-2013-0630: RHEL Server Optional Debuginfo (v.6 x86_64) (kernel-debug-debuginfo-2.6.32-358.2.1.el6.x86_64)

RHSA-2013-0630: RHEL Server Optional Debuginfo (v.6 x86_64) (kernel-debuginfo-common-x86_64-2.6.32-358.2.1.el6.x86_64)

RHSA-2013-0630: RHEL Server Optional Debuginfo (v.6 x86_64) (kernel-debuginfo-2.6.32-358.2.1.el6.x86_64)

RHSA-2013-0630: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (kernel-firmware-2.6.32-358.2.1.el6.noarch)

RHSA-2013-0630: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (kernel-headers-2.6.32-358.2.1.el6.i686)

RHSA-2013-0630: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (kernel-2.6.32-358.2.1.el6.i686)

RHSA-2013-0630: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (kernel-doc-2.6.32-358.2.1.el6.noarch)

RHSA-2013-0630: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perf-2.6.32-358.2.1.el6.i686)

RHSA-2013-0630: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (kernel-devel-2.6.32-358.2.1.el6.i686)

RHSA-2013-0630: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (kernel-debug-devel-2.6.32-358.2.1.el6.i686)

RHSA-2013-0630: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (kernel-debug-2.6.32-358.2.1.el6.i686)

RHSA-2013-0630: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perf-2.6.32-358.2.1.el6.x86_64)

RHSA-2013-0630: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (kernel-headers-2.6.32-358.2.1.el6.x86_64)

RHSA-2013-0630: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (kernel-devel-2.6.32-358.2.1.el6.x86_64)

RHSA-2013-0630: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (kernel-debug-devel-2.6.32-358.2.1.el6.x86_64)

RHSA-2013-0630: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (kernel-debug-2.6.32-358.2.1.el6.x86_64)

RHSA-2013-0630: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (kernel-2.6.32-358.2.1.el6.x86_64)

RHSA-2013-0630: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (kernel-firmware-2.6.32-358.2.1.el6.noarch)

RHSA-2013-0630: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (kernel-doc-2.6.32-358.2.1.el6.noarch)

RHSA-2013-0630: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perf-2.6.32-358.2.1.el6.s390x)

RHSA-2013-0630: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (kernel-kdump-2.6.32-358.2.1.el6.s390x)

RHSA-2013-0630: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (kernel-headers-2.6.32-358.2.1.el6.s390x)

RHSA-2013-0630: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (kernel-devel-2.6.32-358.2.1.el6.s390x)

RHSA-2013-0630: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (kernel-debug-devel-2.6.32-358.2.1.el6.s390x)

RHSA-2013-0630: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (kernel-firmware-2.6.32-358.2.1.el6.noarch)

RHSA-2013-0630: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (kernel-kdump-devel-2.6.32-358.2.1.el6.s390x)

RHSA-2013-0630: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (kernel-debug-2.6.32-358.2.1.el6.s390x)

RHSA-2013-0630: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (kernel-2.6.32-358.2.1.el6.s390x)

RHSA-2013-0630: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (kernel-doc-2.6.32-358.2.1.el6.noarch)

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
Reference:
CVE-2013-0268
Description:
Linux Kernel 'MSR' Driver Local Privilege Escalation - The Exploit-DB Ref : 27297
Link:
http://www.exploit-db.com/exploits/27297
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Package    Installed Version             Required Version
kernel     2.6.32-358.0.1.el6.x86_64     2.6.32-358.2.1.el6
Expand Severity Title Port/Service
3
Red Hat Update for OpenLDAP (RHSA-2011-0347)
 
QID:
119049
Category:
Local
CVE ID:
CVE-2011-1024 CVE-2011-1025 CVE-2011-1081
Vendor Reference
RHSA-2011-0347
Bugtraq ID:
-
Service Modified:
03/15/2011
User Modified:
-
Edited:
No
PCI Vuln:
Yes
CVSS Base:
6.8
CVSS Temporal:
5
THREAT:
OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools.

A flaw was found in the way OpenLDAP handled authentication failures being passed from an OpenLDAP slave to the master. If OpenLDAP was configured with a chain overlay and it forwarded authentication failures, OpenLDAP would bind to the directory as an anonymous user and return success, rather than return failure on the authenticated bind. This could allow a user on a system that uses LDAP for authentication to log into a directory-based account without knowing the password. (CVE-2011-1024)

It was found that the OpenLDAP back-ndb back end allowed successful authentication to the root distinguished name (DN) when any string was provided as a password. A remote user could use this flaw to access an OpenLDAP directory if they knew the value of the root DN. Note: This issue only affected OpenLDAP installations using the NDB back-end, which is only available for Red Hat Enterprise Linux 6 via third-party software. (CVE-2011-1025)

A flaw was found in the way OpenLDAP handled modify relative distinguished name (modrdn) requests. A remote, unauthenticated user could use this flaw to crash an OpenLDAP server via a modrdn request containing an empty old RDN value. (CVE-2011-1081)

Users of OpenLDAP should upgrade to these updated packages, which contain backported patches to resolve these issues. After installing this update, the OpenLDAP daemons will be restarted automatically.

IMPACT:
Exploitation could allow an attacker to gain unauthorized access.
SOLUTION:
Upgrade to the latest packages which contain a patch. These are available from the Red Hat Network.

Steps on using the Red Hat Network to apply packages are listed as follows:
For Red Hat Enterprise Linux Versions 2.1, 3, and 4, the interactive Update Agent can be launched with the "up2date" command.

For Red Hat Enterprise Linux Version 5, the graphical Update tool can be launched with the "pup" command.

To install packages using the command line interface, use the command "yum update".

Refer to Red Hat security advisory RHSA-2011-0347 to address this issue and obtain further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

RHSA-2011-0347: RHEL Server Debuginfo (v.6 for IBM System z) (openldap-debuginfo-2.4.19-15.el6_0.2.s390x)

RHSA-2011-0347: RHEL Server Debuginfo (v.6 for IBM System z) (openldap-debuginfo-2.4.19-15.el6_0.2.s390)

RHSA-2011-0347: RHEL Server Debuginfo (v.6 for x86) (openldap-debuginfo-2.4.19-15.el6_0.2.i686)

RHSA-2011-0347: RHEL Server Debuginfo (v.6 for x86_64) (openldap-debuginfo-2.4.19-15.el6_0.2.x86_64)

RHSA-2011-0347: RHEL Server Debuginfo (v.6 for x86_64) (openldap-debuginfo-2.4.19-15.el6_0.2.i686)

RHSA-2011-0347: RHEL Server Optional (v. 6 64-bit x86_64) (openldap-servers-sql-2.4.19-15.el6_0.2.x86_64)

RHSA-2011-0347: RHEL Server Optional (v. 6 IBM System z) (openldap-servers-sql-2.4.19-15.el6_0.2.s390x)

RHSA-2011-0347: RHEL Server Optional (v. 6 for 32-bit x86) (openldap-servers-sql-2.4.19-15.el6_0.2.i686)

RHSA-2011-0347: RHEL Server Optional Debuginfo (v.6 IBM System z) (openldap-debuginfo-2.4.19-15.el6_0.2.s390x)

RHSA-2011-0347: RHEL Server Optional Debuginfo (v.6 for x86) (openldap-debuginfo-2.4.19-15.el6_0.2.i686)

RHSA-2011-0347: RHEL Server Optional Debuginfo (v.6 x86_64) (openldap-debuginfo-2.4.19-15.el6_0.2.x86_64)

RHSA-2011-0347: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (openldap-servers-2.4.19-15.el6_0.2.i686)

RHSA-2011-0347: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (openldap-devel-2.4.19-15.el6_0.2.i686)

RHSA-2011-0347: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (openldap-clients-2.4.19-15.el6_0.2.i686)

RHSA-2011-0347: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (openldap-2.4.19-15.el6_0.2.i686)

RHSA-2011-0347: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (compat-openldap-2.4.19_2.3.43-15.el6_0.2.i686)

RHSA-2011-0347: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (openldap-servers-2.4.19-15.el6_0.2.x86_64)

RHSA-2011-0347: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (openldap-devel-2.4.19-15.el6_0.2.x86_64)

RHSA-2011-0347: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (openldap-clients-2.4.19-15.el6_0.2.x86_64)

RHSA-2011-0347: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (openldap-2.4.19-15.el6_0.2.x86_64)

RHSA-2011-0347: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (compat-openldap-2.4.19_2.3.43-15.el6_0.2.x86_64)

RHSA-2011-0347: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (openldap-devel-2.4.19-15.el6_0.2.i686)

RHSA-2011-0347: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (openldap-2.4.19-15.el6_0.2.i686)

RHSA-2011-0347: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (compat-openldap-2.4.19_2.3.43-15.el6_0.2.i686)

RHSA-2011-0347: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (openldap-servers-2.4.19-15.el6_0.2.s390x)

RHSA-2011-0347: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (openldap-devel-2.4.19-15.el6_0.2.s390x)

RHSA-2011-0347: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (openldap-clients-2.4.19-15.el6_0.2.s390x)

RHSA-2011-0347: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (openldap-2.4.19-15.el6_0.2.s390x)

RHSA-2011-0347: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (compat-openldap-2.4.19_2.3.43-15.el6_0.2.s390x)

RHSA-2011-0347: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (openldap-devel-2.4.19-15.el6_0.2.s390)

RHSA-2011-0347: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (openldap-2.4.19-15.el6_0.2.s390)

RHSA-2011-0347: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (compat-openldap-2.4.19_2.3.43-15.el6_0.2.s390)

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Package          Installed Version    Required Version
compat-openldap  2.3.43-2.el6.x86_64  2.4.19_2.3.43-15.el6_0.2
Severity:
3
Title:
Red Hat Update for Perl (RHSA-2011-1424)
QID:
119725
Category:
Local
CVE ID:
CVE-2011-2939 CVE-2011-3597
Vendor Reference
RHSA-2011-1424
Bugtraq ID:
-
Service Modified:
11/07/2011
User Modified:
-
Edited:
No
PCI Vuln:
Yes
CVSS Base:
7.5
CVSS Temporal:
5.5
THREAT:
Perl is a high-level programming language commonly used for system administration utilities and web programming.

A heap-based buffer overflow flaw was found in the way Perl decoded Unicode strings. An attacker could create a malicious Unicode string that, when decoded by a Perl program, would cause the program to crash or, potentially, execute arbitrary code with the permissions of the user running the program. (CVE-2011-2939)

It was found that the "new" constructor of the Digest module used its argument as part of the string expression passed to the eval() function. An attacker could possibly use this flaw to execute arbitrary Perl code with the privileges of a Perl program that uses untrusted input as an argument to the constructor. (CVE-2011-3597)

All Perl users should upgrade to these updated packages, which contain backported patches to correct these issues. All running Perl programs must be restarted for this update to take effect.

IMPACT:
Exploitation could result in arbitrary execution of code or result in a denial of service condition.
SOLUTION:
Upgrade to the latest packages which contain a patch. These are available from the Red Hat Network.

Steps on using the Red Hat Network to apply packages are listed as follows:
For Red Hat Enterprise Linux Versions 2.1, 3, and 4, the interactive Update Agent can be launched with the "up2date" command.

For Red Hat Enterprise Linux Version 5, the graphical Update tool can be launched with the "pup" command.

To install packages using the command line interface, use the command "yum update".

Refer to Red Hat security advisory RHSA-2011-1424 to address this issue and obtain further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

RHSA-2011-1424: RHEL Server Debuginfo (v.6 for IBM System z) (perl-debuginfo-5.10.1-119.el6_1.1.s390x)

RHSA-2011-1424: RHEL Server Debuginfo (v.6 for IBM System z) (perl-debuginfo-5.10.1-119.el6_1.1.s390)

RHSA-2011-1424: RHEL Server Debuginfo (v.6 for x86) (perl-debuginfo-5.10.1-119.el6_1.1.i686)

RHSA-2011-1424: RHEL Server Debuginfo (v.6 for x86_64) (perl-debuginfo-5.10.1-119.el6_1.1.x86_64)

RHSA-2011-1424: RHEL Server Debuginfo (v.6 for x86_64) (perl-debuginfo-5.10.1-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-version-0.77-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-suidperl-5.10.1-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-parent-0.221-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-libs-5.10.1-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-devel-5.10.1-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-core-5.10.1-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-Time-Piece-1.15-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-Time-HiRes-1.9721-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-Test-Simple-0.92-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-Test-Harness-3.17-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-Term-UI-0.20-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-Pod-Simple-3.13-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-Pod-Escapes-1.04-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-Parse-CPAN-Meta-1.40-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-Params-Check-0.26-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-Package-Constants-0.02-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-Object-Accessor-0.34-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-Module-Pluggable-3.90-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-Module-Loaded-0.02-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-Module-Load-Conditional-0.30-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-Module-Load-0.16-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-Module-CoreList-2.18-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-Module-Build-0.3500-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-Log-Message-Simple-0.04-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-Log-Message-0.02-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-Locale-Maketext-Simple-0.18-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-IPC-Cmd-0.56-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-IO-Zlib-1.09-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-IO-Compress-Zlib-2.020-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-IO-Compress-Base-2.020-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-File-Fetch-0.26-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-ExtUtils-ParseXS-2.2003.0-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-ExtUtils-MakeMaker-6.55-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-ExtUtils-Embed-1.28-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-ExtUtils-CBuilder-0.27-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-Digest-SHA-5.47-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-Compress-Zlib-2.020-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-Compress-Raw-Zlib-2.023-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-CPANPLUS-0.88-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-CPAN-1.9402-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-CGI-3.51-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-Archive-Tar-1.58-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-Archive-Extract-0.38-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 32-bit x86) (perl-5.10.1-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-version-0.77-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-suidperl-5.10.1-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-parent-0.221-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-libs-5.10.1-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-devel-5.10.1-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-core-5.10.1-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-Time-Piece-1.15-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-Time-HiRes-1.9721-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-Test-Simple-0.92-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-Test-Harness-3.17-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-Term-UI-0.20-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-Pod-Simple-3.13-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-Pod-Escapes-1.04-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-Parse-CPAN-Meta-1.40-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-Params-Check-0.26-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-Package-Constants-0.02-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-Object-Accessor-0.34-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-Module-Pluggable-3.90-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-Module-Loaded-0.02-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-Module-Load-Conditional-0.30-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-Module-Load-0.16-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-Module-CoreList-2.18-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-Module-Build-0.3500-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-Log-Message-Simple-0.04-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-Log-Message-0.02-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-Locale-Maketext-Simple-0.18-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-IPC-Cmd-0.56-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-IO-Zlib-1.09-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-IO-Compress-Zlib-2.020-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-IO-Compress-Base-2.020-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-File-Fetch-0.26-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-ExtUtils-ParseXS-2.2003.0-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-ExtUtils-MakeMaker-6.55-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-ExtUtils-Embed-1.28-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-ExtUtils-CBuilder-0.27-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-Digest-SHA-5.47-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-Compress-Zlib-2.020-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-Compress-Raw-Zlib-2.023-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-CPANPLUS-0.88-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-CPAN-1.9402-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-CGI-3.51-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-Archive-Tar-1.58-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-Archive-Extract-0.38-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-5.10.1-119.el6_1.1.x86_64)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-libs-5.10.1-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) (perl-devel-5.10.1-119.el6_1.1.i686)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-version-0.77-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-suidperl-5.10.1-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-parent-0.221-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-libs-5.10.1-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-devel-5.10.1-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-core-5.10.1-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-Time-Piece-1.15-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-Time-HiRes-1.9721-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-Test-Simple-0.92-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-Test-Harness-3.17-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-Term-UI-0.20-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-Pod-Simple-3.13-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-Pod-Escapes-1.04-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-Parse-CPAN-Meta-1.40-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-Params-Check-0.26-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-Package-Constants-0.02-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-Object-Accessor-0.34-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-Module-Pluggable-3.90-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-Module-Loaded-0.02-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-Module-Load-Conditional-0.30-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-Module-Load-0.16-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-Module-CoreList-2.18-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-Module-Build-0.3500-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-Log-Message-Simple-0.04-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-Log-Message-0.02-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-Locale-Maketext-Simple-0.18-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-IPC-Cmd-0.56-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-IO-Zlib-1.09-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-IO-Compress-Zlib-2.020-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-IO-Compress-Base-2.020-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-File-Fetch-0.26-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-ExtUtils-ParseXS-2.2003.0-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-ExtUtils-MakeMaker-6.55-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-ExtUtils-Embed-1.28-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-ExtUtils-CBuilder-0.27-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-Digest-SHA-5.47-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-Compress-Zlib-2.020-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-Compress-Raw-Zlib-2.023-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-CPANPLUS-0.88-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-CPAN-1.9402-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-CGI-3.51-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-Archive-Tar-1.58-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-Archive-Extract-0.38-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-5.10.1-119.el6_1.1.s390x)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-libs-5.10.1-119.el6_1.1.s390)

RHSA-2011-1424: Red Hat Enterprise Linux Server (v. 6 for IBM System z) (perl-devel-5.10.1-119.el6_1.1.s390)

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Package                 Installed Version     Required Version
perl-Compress-Raw-Zlib  2.020-129.el6.x86_64  2.023-119.el6_1.1
Severity:
3
Title:
Remote Access or Management Service Detected
QID:
42017
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
10/17/2011
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
A remote access or remote management service was detected. If such a service is accessible to malicious users, it can be used to carry out different types of attacks. Malicious users could try to brute-force credentials or collect additional information on the service that could help them craft further attacks.

The Results section includes information on the remote access service that was found on the target.

Services like Telnet, Rlogin, SSH, Windows Remote Desktop, pcAnywhere, Citrix Management Console, Remote Admin (RAdmin), VNC, OpenVPN and ISAKMP are checked.

IMPACT:
Consequences vary by the type of attack.
SOLUTION:
Expose the remote access or remote management services only to the system administrators or intended users of the system.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Service name: SSH on TCP port 22.
Severity:
3
Title:
Unix Group List
QID:
105130
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/07/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
All Unix groups found at the host are listed in the result section. The following fields are provided in the order shown.

1) The group name. Group names are fairly arbitrary but it is a good idea to choose group names that express some idea about the function of the group.
2) The group's encrypted password. Group passwords encouraged poor security practices, so most modern Unix systems don't support them.
3) The group's unique numeric ID (GID).
4) All users in the group.

IMPACT:
Users can get elevated privileges if they are added to Unix groups.
SOLUTION:
Check to be sure that the information provided adheres to your security policy.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
No results available
Severity:
3
Title:
User Home Directory With Non-Restrictive Permissions
QID:
105155
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/25/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The home directories of the users shown in the result section have non-restrictive permissions. Ideally, all home directories should have the following permissions:

Owner: read, write, execute
Group: read, execute
Other: (No Permission)

IMPACT:
Unauthorised users can have read, write or execute access.
SOLUTION:
Change the directory permissions by issuing the following command:
chmod -R 750 (directory name)
COMPLIANCE:
Type: CobIT
Section: DS5.4
Description: User Account Management. Ensure that requesting, establishing, issuing, suspending, modifying and closing user accounts and related user privileges are addressed by user account management. An approval procedure outlining the data or system owner granting the access privileges should be included. These procedures should apply for all users, including administrators (privileged users), internal and external users, for normal and emergency cases. Rights and obligations relative to access to enterprise systems and information are contractually arranged for all types of users. Perform regular management review of all accounts and related privileges.

EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
drwxr-xr-x 2 root root 4096 May 7 2011 drivers
drwxr-xr-x 2 root root 4096 May 7 2011 images
drwxr-xr-x 6 root root 4096 May 7 2011 linux
drwxr-xr-x 4 root root 4096 May 7 2011 serveradministrator
Severity:
3
Title:
RPC Portmapper Information
QID:
125001
Category:
Forensics
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
08/08/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The result section shows the information received by making an RPC call to the portmapper on the target host. It shows the list of all registered RPC programs.
IMPACT:
N/A
SOLUTION:
Check to be sure that the information reported adheres to your security policy.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
program vers proto port service
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 45855 status
100024 1 tcp 51391 status
100011 1 udp 875 rquotad
100011 2 udp 875 rquotad
100011 1 tcp 875 rquotad
100011 2 tcp 875 rquotad
100005 1 udp 45806 mountd
100005 1 tcp 48770 mountd
100005 2 udp 57774 mountd
100005 2 tcp 38760 mountd
100005 3 udp 55767 mountd
100005 3 tcp 48250 mountd
100003 2 tcp 2049 nfs
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs
100227 2 tcp 2049 nfs_acl
100227 3 tcp 2049 nfs_acl
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100003 4 udp 2049 nfs
100227 2 udp 2049 nfs_acl
100227 3 udp 2049 nfs_acl
100021 1 udp 37277 nlockmgr
100021 3 udp 37277 nlockmgr
100021 4 udp 37277 nlockmgr
100021 1 tcp 51640 nlockmgr
100021 3 tcp 51640 nlockmgr
100021 4 tcp 51640 nlockmgr
Severity:
3
Title:
Network Filesystem (NFS) Exports Information
QID:
125002
Category:
Forensics
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
04/21/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
All filesystems being exported to remote users via NFS, as well as the access rights relating to those filesystems, are located in the /etc/exports file. This file is read by the "exportfs" command to give rpc.mountd and rpc.nfsd the information necessary to allow the remote mounting of a filesystem by an authorized host.

The /etc/exports file is the standard for controlling which filesystems are exported to which hosts, as well as specifying particular control options. Blank lines are ignored, comments can be made using #, and long lines can be wrapped with a backslash (\). Each exported filesystem should be on its own line. Lists of authorized hosts placed after an exported filesystem must be separated by space characters. Options for each of the hosts must be placed in parentheses directly after the host identifier, without any spaces separating the host and the first parenthesis.

Remote NFS clients can access the file systems exported depending on their access rights. The /etc/exports file is listed in the result section.

IMPACT:
N/A
SOLUTION:
Make sure that the exported file system and rights adhere to your security policy.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Export list for s192.schsr.unc.edu:
/mnt/nfs4 152.2.35.82


0


/mnt/nfs4 152.2.35.82(rw,fsid=0,insecure,no_subtree_check,sync,anonuid=65534,anongid=65534)
Severity:
2
Title:
Operating System Detected
QID:
45017
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
02/09/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Several different techniques can be used to identify the operating system (OS) running on a host. A short description of these techniques is provided below. The specific technique used to identify the OS on this host is included in the RESULTS section of your report.

1) TCP/IP Fingerprint: The operating system of a host can be identified from a remote system using TCP/IP fingerprinting. All underlying operating system TCP/IP stacks have subtle differences that can be seen in their responses to specially-crafted TCP packets. According to the results of this "fingerprinting" technique, the OS version is among those listed below.

Note that if one or more of these subtle differences are modified by a firewall or a packet filtering device between the scanner and the host, the fingerprinting technique may fail. Consequently, the version of the OS may not be detected correctly. If the host is behind a proxy-type firewall, the version of the operating system detected may be that for the firewall instead of for the host being scanned.

2) NetBIOS: Short for Network Basic Input Output System, NetBIOS is an application programming interface (API) that augments the DOS BIOS by adding special functions for local-area networks (LANs). Almost all LANs for PCs are based on NetBIOS. Some LAN manufacturers have even extended it, adding additional network capabilities. NetBIOS relies on a message format called Server Message Block (SMB).

3) PHP Info: PHP is a hypertext pre-processor, an open-source, server-side, HTML-embedded scripting language used to create dynamic Web pages. Under some configurations it is possible to call PHP functions like phpinfo() and obtain operating system information.

4) SNMP: The Simple Network Management Protocol is used to monitor hosts, routers, and the networks to which they attach. The SNMP service maintains a Management Information Base (MIB), a set of variables (a database) that can be fetched by Managers. These include "MIB_II.system.sysDescr" for the operating system.

IMPACT:
Not applicable.
SOLUTION:
Not applicable.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Operating System | Technique | ID
Red Hat Enterprise Linux Server 6.4 | Unix login | -
Ubuntu / Linux 2.6.x | TCP/IP Fingerprint | U4856:22
cpe:/o:redhat:red hat enterprise linux:6.4::server: | CPE | -
Severity:
2
Title:
List of Java Related Packages
QID:
45096
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
10/08/2008
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
All Java-related packages installed on your system are listed.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
tzdata-java-2012j-2.el6.noarch
java-1.6.0-openjdk-1.6.0.0-1.57.1.11.9.el6_4.x86_64
Severity:
2
Title:
Host Uptime Based on TCP TimeStamp Option
QID:
82063
Category:
TCP/IP
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/29/2007
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The TCP/IP stack on the host supports the TCP TimeStamp (kind 8) option. Typically the timestamp used is the host's uptime (since last reboot) in various units (e.g., one hundredth of a second, one tenth of a second, etc.). Based on this, we can obtain the host's uptime. The result is given in the Result section below.

Some operating systems (e.g., MacOS, OpenBSD) use a non-zero, probably random, initial value for the timestamp. For these operating systems, the uptime obtained does not reflect the actual uptime of the host; the former is always larger than the latter.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Based on TCP timestamps obtained via port 22, the host's uptime is 11 days, 19 hours, and 27 minutes.
The TCP timestamps from the host are in units of 1 milliseconds.
Severity:
2
Title:
Unix Users With root UserID
QID:
105139
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
09/22/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The result section displays UNIX users with a root UserID, that is, users with a UID of 0.
IMPACT:
Root privileges on a UNIX host permit a user complete control of the host's operating system, configuration, and services. Restricted use of this privilege is advised. Check to be sure the results adhere to your security policy.
SOLUTION:
Remove users that should not have root UserID according to your security policy.
COMPLIANCE:
Type: CobIT
Section: DS5.4
Description: User Account Management: Ensure that requesting, establishing, issuing, suspending, modifying and closing user accounts and related user privileges are addressed by user account management. An approval procedure outlining the data or system owner granting the access privileges should be included. These procedures should apply for all users, including administrators (privileged users), internal and external users, for normal and emergency cases. Rights and obligations relative to access to enterprise systems and information are contractually arranged for all types of users. Perform regular management review of all accounts and related privileges.

EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
root
mwhelan.adm
Severity:
2
Title:
Unix Users With root GroupID
QID:
105140
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
09/22/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The result section displays UNIX users with a root GroupID, that is, users with a GID of 0.
IMPACT:
Root privileges on a UNIX host permit a user complete control of the host's operating system, configuration, and services. Restricted use of this privilege is advised. Check to be sure the results adhere to your security policy.
SOLUTION:
Remove users that should not have root GroupID according to your security policy.
COMPLIANCE:
Type: CobIT
Section: DS5.4
Description: User Account Management: Ensure that requesting, establishing, issuing, suspending, modifying and closing user accounts and related user privileges are addressed by user account management. An approval procedure outlining the data or system owner granting the access privileges should be included. These procedures should apply for all users, including administrators (privileged users), internal and external users, for normal and emergency cases. Rights and obligations relative to access to enterprise systems and information are contractually arranged for all types of users. Perform regular management review of all accounts and related privileges.

EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
root
mwhelan.adm
sync
shutdown
halt
operator
Severity:
2
Title:
List of Home Directories Associated with UserIDs
QID:
105207
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
07/06/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
All users should have a default home directory assigned. Each UserID and its associated home directory are listed below.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
No results available
Severity:
2
Title:
Shared Resource List.
QID:
105211
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
07/07/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The resources automatically shared over NFS are listed below.
IMPACT:
These resources are shared over NFS.
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
/mnt/nfs4 152.2.35.82(rw,fsid=0,insecure,no_subtree_check,sync,anonuid=65534,anongid=65534)
Severity:
2
Title:
List of Valid Shells
QID:
105213
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
07/19/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
/etc/shells is a text file which contains the full pathnames of valid login shells. This detection gets the contents of /etc/shells file. More information can be found by "man shells" or "man getusershell".
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
/bin/sh
/bin/bash
/sbin/nologin
/bin/tcsh
/bin/csh
/bin/dash
Severity:
2
Title:
SU Logging
QID:
105326
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
04/08/2008
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
SU logging should be enabled to monitor suspicious activity.
IMPACT:
N/A
SOLUTION:
For Solaris, modify the /etc/default/su file and set the "SULOG" parameter.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
No results available
Severity:
2
Title:
root Should Be Specified in Block List for FTP Users
QID:
105328
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
04/25/2008
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
As a best practice, the root user should be present in the list of users blocked from File Transfer Protocol (FTP) access. A configuration file contains this list of local user names that the ftpd server does not allow remote FTP clients to use. The general name and location of this file is:

On Linux, Solaris and Mac - "/etc/ftpusers"
On HP-UX - "/etc/ftpd/ftpusers" or "/etc/ftpd/ftpaccess"

Note: On HP-UX, root permission is required to access the /etc/ftpd/ftpusers file.

This vulnerability check requires read permission on the configuration files mentioned above. Without that permission, this detection may give false results.

IMPACT:
N/A
SOLUTION:
Add a root entry to the corresponding configuration file.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
File "/etc/ftpusers" not present or not accessible
Severity:
1
Title:
DNS Host Name
QID:
6
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/01/1999
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The fully qualified domain name of this host, if it was obtained from a DNS server, is displayed in the RESULT section.
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
IP address | Host name
152.2.35.192 | s192.schsr.unc.edu
Severity:
1
Title:
Firewall Detected
QID:
34011
Category:
Firewall
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
10/16/2001
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
A packet filtering device protecting this IP was detected. This is likely to be a firewall or a router using access control lists (ACLs).
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Some of the ports filtered by the firewall are: 20, 21, 23, 25, 53, 80, 111, 135, 443, 445.

Listed below are the ports filtered by the firewall.
No response has been received when any of these ports is probed.
1-21,23-630,632-6128,6130-65535
Severity:
1
Title:
Target Network Information
QID:
45004
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
08/15/2013
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The information shown in the Result section was returned by the network infrastructure responsible for routing traffic from our cloud platform to the target network (where the scanner appliance is located).

This information was returned from: 1) the WHOIS service, or 2) the infrastructure provided by the closest gateway server to our cloud platform. If your ISP is routing traffic, your ISP's gateway server returned this information.

IMPACT:
This information can be used by malicious users to gather more information about the network infrastructure that may help in launching attacks against it.
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
The network handle is: UNCCH-NET
Network description:
University of North Carolina at Chapel Hill
Severity:
1
Title:
Internet Service Provider
QID:
45005
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
08/15/2013
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The information shown in the Result section was returned by the network infrastructure responsible for routing traffic from our cloud platform to the target network (where the scanner appliance is located).

This information was returned from: 1) the WHOIS service, or 2) the infrastructure provided by the closest gateway server to our cloud platform. If your ISP is routing traffic, your ISP's gateway server returned this information. This information was gathered using the WHOIS service for the network and is believed to be the ISP of the target network.

IMPACT:
This information can be used by malicious users to gather more information about the network infrastructure that may aid in launching further attacks against it.
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
The ISP network handle is: UNCCH-NET
ISP Network description:
University of North Carolina at Chapel Hill
Severity:
1
Title:
Traceroute
QID:
45006
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/09/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Traceroute describes the path in real time from the scanner to the remote host being contacted. It reports the IP addresses of all the routers in between.
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Hops | IP | Round Trip Time | Probe
1 | 152.2.20.1 | 0.76ms | ICMP
2 | 152.19.253.106 | 1.50ms | ICMP
3 | 152.19.255.17 | 1.02ms | ICMP
4 | 152.19.255.210 | 1.12ms | ICMP
5 | 152.2.35.192 | 1.51ms | ICMP
Severity:
1
Title:
Unix Server Information
QID:
45037
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
11/29/2004
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The following information was found about the Unix server:
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
UName: Linux s192.schsr.unc.edu 2.6.32-358.0.1.el6.x86_64 #1 SMP Wed Feb 20 11:05:23 EST 2013 x86_64 x86_64 x86_64 GNU/Linux
Operating system: Linux
Red Hat Release: Red Hat Enterprise Linux Server release 6.4 (Santiago)
Product: Red Hat Enterprise Linux Server
Version: 6.4
Vendor: Red Hat
CPU: x86_64
Severity:
1
Title:
Host Scan Time
QID:
45038
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
11/18/2004
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The Host Scan Time is the period of time it takes the scanning engine to perform the vulnerability assessment of a single target host. The Host Scan Time for this host is reported in the Result section below.

The Host Scan Time does not have a direct correlation to the Duration time as displayed in the Report Summary section of a scan results report. The Duration is the period of time it takes the service to perform a scan task. The Duration includes the time it takes the service to scan all hosts, which may involve parallel scanning. It also includes the time it takes for a scanner appliance to pick up the scan task and transfer the results back to the service's Secure Operating Center. Further, when a scan task is distributed across multiple scanners, the Duration includes the time it takes to perform parallel host scanning on all scanners.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Scan duration: 2331 seconds

Start time: Sat, Mar 23 2013, 09:21:59 GMT

End time: Sat, Mar 23 2013, 10:00:50 GMT
Severity:
1
Title:
Host Names Found
QID:
45039
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
02/14/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The following host names were discovered for this computer using various methods such as DNS lookup, NetBIOS query, and SQL server name query.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Host Name | Source
s192.schsr.unc.edu | FQDN
s192.schsr.unc.edu | System-configured
Severity:
1
Title:
Contents of /etc/issue File
QID:
45046
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/04/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The /etc/issue file contains the login banner.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Red Hat Enterprise Linux Server release 6.4 (Santiago)
Kernel \r on an \m
Severity:
1
Title:
Network File System (NFS) Statistics
QID:
45076
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/23/2008
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
NFS is a network file system protocol allowing a user on a client computer to access files over a network as if the network devices were attached to its local disks. NFS, like many other protocols, builds on the Open Network Computing Remote Procedure Call (ONC RPC) system. The Network File System protocol is specified in RFC 1094, RFC 1813, and RFC 3530 (which obsoletes RFC 3010).

The results section of this QID prints the NFS statistics.

IMPACT:
n/a
SOLUTION:
n/a
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
nfsstat -s

Server rpc stats:
calls badcalls badauth badclnt xdrcall
0 0 0 0 0
Severity:
1
Title:
Linux Kernel Version Running
QID:
45097
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/05/2009
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The Linux kernel version running on the system at the time of the scan is listed in the result section. This QID currently supports:

Red Hat Linux
Oracle Enterprise Linux
Suse
Fedora
Debian
Ubuntu
CentOS

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Running Kernel Version is: 2.6.32-358.0.1.el6.x86_64
Severity:
1
Title:
Installed Kernel rpm List for Red Hat and Oracle Enterprise Linux
QID:
45098
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/05/2009
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
List of Red Hat Linux or Oracle Enterprise Linux kernels installed on the system.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
dracut-kernel-004-303.el6.noarch
kernel-2.6.32-358.2.1.el6.x86_64
kernel-2.6.32-358.0.1.el6.x86_64
Severity:
1
Title:
Contents of rsyslog.conf File
QID:
45121
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/10/2011
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The rsyslog.conf file is the main configuration file for rsyslogd, which logs system messages on *nix systems. This file specifies rules for logging.

rsyslog.conf is backward compatible with sysklogd's syslog.conf file.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
# rsyslog v5 configuration file

# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html

#### MODULES ####

$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog # provides kernel logging support (previously done by rklogd)
#$ModLoad immark # provides --MARK-- message capability

# Provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514

# Provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514


#### GLOBAL DIRECTIVES ####

# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# File syncing capability is disabled by default. This feature is usually not required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on

# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf


#### RULES ####

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages

# The authpriv file has restricted access.
authpriv.* /var/log/secure

# Log all the mail messages in one place.
mail.* -/var/log/maillog


# Log cron stuff
cron.* /var/log/cron

# Everybody gets emergency messages
*.emerg *

# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler

# Save boot messages also to boot.log
local7.* /var/log/boot.log


# ### begin forwarding rule ###
# The statement between the begin ... end define a SINGLE forwarding
# rule. They belong together, do NOT split them. If you create multiple
# forwarding rules, duplicate the whole block!
# Remote Logging (we use TCP for reliable delivery)
#
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
#$WorkDirectory /var/lib/rsyslog # where to place spool files
#$ActionQueueFileName fwdRule1 # unique name prefix for spool files
#$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
#$ActionQueueType LinkedList # run asynchronously
#$ActionResumeRetryCount -1 # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
#*.* @@remote-host:514
# ### end of the forwarding rule ###
Severity:
1
Title:
"daemon.notice" Entry Missing in rsyslog.conf file
QID:
45122
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/10/2011
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The rsyslog.conf file specifies rules for logging. The file contains information used by rsyslogd to forward a system message to the appropriate log files and/or users. An entry of the form:

daemon.notice [Tab] <path to logfile>

ensures that all conditions involving daemons (such as ftpd) that are not error conditions are logged in the specified log file.

This entry was found to be missing from the rsyslog.conf file on the target.

IMPACT:
N/A
SOLUTION:
Ensure that the absence of the daemon.notice entry is in compliance with your organization's security policy.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog # provides kernel logging support (previously done by rklogd)
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$IncludeConfig /etc/rsyslog.d/*.conf
*.info;mail.none;authpriv.none;cron.none /var/log/messages
authpriv.* /var/log/secure
mail.* -/var/log/maillog
cron.* /var/log/cron
*.emerg *
uucp,news.crit /var/log/spooler
local7.* /var/log/boot.log
Severity:
1
Title:
Java Version Detected
QID:
45125
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/27/2011
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
An instance of Java was detected on the target *NIX host.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
java -version

java version "1.6.0_24"
OpenJDK Runtime Environment (IcedTea6 1.11.9) (rhel-1.57.1.11.9.el6_4-x86_64)
OpenJDK 64-Bit Server VM (build 20.0-b12, mixed mode)
Severity:
1
Title:
Python Installed on Host
QID:
45127
Category:
Information gathering
CVE ID:
-
Vendor Reference
Python
Bugtraq ID:
-
Service Modified:
07/26/2011
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Python is installed on the target host. Python is a powerful dynamic programming language that is used in a wide variety of application domains. Python is available for all major operating systems including Windows, Linux/Unix, OS/2, etc.

Note: For Windows Systems
To get the exact version of Python installed on the target, look for the string followed by '#define PY_VERSION' in the result section. A target can have more than one version of Python installed.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
2.6.6 (r266:84292, Oct 12 2012, 14:23:48)
[GCC 4.4.6 20120305 (Red Hat 4.4.6-4)]
Severity:
1
Title:
Java Runtime Environment 1.6 Installed
QID:
45140
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
10/31/2011
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Java Runtime Environment 1.6 is installed on the target machine.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Java Runtime Environment 1.6 installed
Severity:
1
Title:
Installed Packages on Unix and Linux Operating Systems
QID:
45141
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/18/2012
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
This QID lists installed rpm packages or operating system vendor specific packages on the target Unix/Linux system.

Supported Unix or Linux Operating Systems:
RedHat Linux
CentOS
Suse
Fedora
Oracle Enterprise Linux
Debian
Ubuntu
IBM AIX
Solaris
Mac OS X

NOTE: If the system has more than 200 packages, this QID lists only the first 200 packages.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
perl-Crypt-SSLeay 0.57-16.el6.x86_64
redhat-lsb-core 4.0-7.el6.x86_64
nfs-utils-lib 1.1.5-6.el6.x86_64
prelink 0.4.6-3.el6.x86_64
nc 1.84-22.el6.x86_64
notification-daemon 0.5.0-1.el6.x86_64
libtiff 3.9.4-9.el6_3.x86_64
speex 1.2-0.12.rc1.1.el6.x86_64
mtr 0.75-5.el6.x86_64
compat-db43 4.3.29-15.el6.x86_64
xorg-x11-xinit 1.0.9-13.el6.x86_64
vino 2.28.1-8.el6_3.x86_64
libXext 1.3.1-2.el6.x86_64
numpy 1.4.1-9.el6.x86_64
gnome-python2-extras 2.25.3-20.el6.x86_64
gdbm 1.8.0-36.el6.x86_64
compat-libgfortran-41 4.1.2-39.el6.x86_64
libXcursor 1.1.13-2.el6.x86_64
seekwatcher 0.12-5.el6.noarch
bluez-libs 4.66-1.el6.x86_64
xmlrpc-c-client 1.16.24-1209.1840.el6.x86_64
system-config-firewall-base 1.2.27-5.el6.noarch
mesa-dri-drivers 9.0-0.7.el6.x86_64
libtirpc 0.2.1-5.el6.x86_64
xorg-x11-xkb-utils 7.7-4.el6.x86_64
ibus 1.3.4-6.el6.x86_64
xorg-x11-drv-s3virge 1.10.6-2.el6.x86_64
webkitgtk 1.2.6-2.el6_0.x86_64
libmcpp 2.7.2-4.1.el6.x86_64
rarian 0.8.1-5.1.el6.x86_64
glibc 2.12-1.107.el6.x86_64
Expand Severity Title Port/Service
1
Ruby Installed on Host
QID:
45185
Category:
Information gathering
CVE ID:
-
Vendor Reference
Ruby
Bugtraq ID:
-
Service Modified:
01/16/2013
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Ruby is a programming language.

Ruby is installed on target host.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
ruby 1.8.7 (2011-06-30 patchlevel 352) [x86_64-linux]
Expand Severity Title Port/Service
1
Internet Protocol version 6 (IPv6) Enabled on Target Host
QID:
45193
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/23/2013
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Internet Protocol version 6 (IPv6) is the latest revision of the Internet Protocol (IP), the communications protocol that routes traffic across the Internet. It is intended to replace IPv4, which still carries the vast majority of Internet traffic as of 2013.

This QID uses the registry key mentioned in Microsoft KB929852 to determine if IPv6 is enabled.

The detection works in the following way:
1) For Windows 2000, XP, 2003:
-- It checks for the existence of the key "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters"
2) For Windows Vista, Windows 2008, Windows 7, Windows 8, Windows Server 2012 and Windows RT:
-- It checks the value of "DisabledComponents" for the key "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters"
Note: These checks make use of Windows Management Instrumentation (WMI) to list IPv6 addresses on the target.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
inet6 addr: fe80::62eb:69ff:fe8f:4220/64 Scope:Link
inet6 addr: fe80::62eb:69ff:fe8f:4221/64 Scope:Link
inet6 addr: ::1/128 Scope:Host
Expand Severity Title Port/Service
1
Open TCP Services List
QID:
82023
Category:
TCP/IP
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
06/15/2009
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The port scanner enables unauthorized users with the appropriate tools to draw a map of all services on this host that can be accessed from the Internet. The test was carried out with a "stealth" port scanner so that the server does not log real connections.

The Results section displays the port number (Port), the default service listening on the port (IANA Assigned Ports/Services), the description of the service (Description) and the service that the scanner detected using service discovery (Service Detected).

IMPACT:
Unauthorized users can exploit this information to test vulnerabilities in each of the open services.
SOLUTION:
Shut down any unknown or unused service on the list. If you have difficulty figuring out which service is provided by which process or program, contact your provider's support team. For more information about commercial and open-source Intrusion Detection Systems available for detecting port scanners of this kind, visit the CERT Web site.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Port  IANA Assigned Ports/Services  Description                Service Detected  OS On Redirected Port
22    ssh                           SSH Remote Login Protocol  ssh
Expand Severity Title Port/Service
1
ICMP Replies Received
QID:
82040
Category:
TCP/IP
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/16/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
ICMP (Internet Control and Error Message Protocol) is a protocol encapsulated in IP packets. ICMP's principal purpose is to provide a protocol layer that informs gateways of the inter-connectivity and accessibility of other gateways or hosts.

We have sent the following types of packets to trigger the host to send us ICMP replies:

Echo Request (to trigger Echo Reply)
Timestamp Request (to trigger Timestamp Reply)
Address Mask Request (to trigger Address Mask Reply)
UDP Packet (to trigger Port Unreachable Reply)
IP Packet with Protocol >= 250 (to trigger Protocol Unreachable Reply)

Listed in the "Result" section are the ICMP replies that we have received.

SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
ICMP Reply Type               Triggered By        Additional Information
Unreachable (type=3 code=10)  (Various)           Destination Host Prohibited
Echo (type=0 code=0)          Echo Request        Echo Reply
Time Stamp (type=14 code=0)   Time Stamp Request  09:21:15 GMT
Expand Severity Title Port/Service
1
Degree of Randomness of TCP Initial Sequence Numbers
QID:
82045
Category:
TCP/IP
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
11/19/2004
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
TCP Initial Sequence Numbers (ISNs) obtained in the SYNACK replies from the host are analyzed to determine how random they are. The average change between subsequent ISNs and the standard deviation from the average are displayed in the RESULT section. Also included is the degree of difficulty for exploitation of the TCP ISN generation scheme used by the host.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Average change between subsequent TCP initial sequence numbers is 1291216917 with a standard deviation of 537943189. These TCP initial sequence numbers were triggered by TCP SYN probes sent to the host at an average rate of 1/(6986 microseconds). The degree of difficulty to exploit the TCP initial sequence number generation scheme is: hard.
Expand Severity Title Port/Service
1
IP ID Values Randomness
QID:
82046
Category:
TCP/IP
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
07/27/2006
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The values for the identification (ID) field in IP headers in IP packets from the host are analyzed to determine how random they are. The changes between subsequent ID values for either the network byte ordering or the host byte ordering, whichever is smaller, are displayed in the RESULT section along with the duration taken to send the probes. When incremental values are used, as is the case for TCP/IP implementation in many operating systems, these changes reflect the network load of the host at the time this test was conducted.

Please note that for reliability reasons only the network traffic from open TCP ports is analyzed.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
IP ID changes observed (network order) for port 22: 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
Duration: 29 milli seconds
Expand Severity Title Port/Service
1
Unix User List
QID:
105085
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/12/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The Results section catalogs the users found on the host system.
IMPACT:
Make sure that the user list adheres to your security policy, so it's not possible for unauthorized users to launch attacks from the host.
SOLUTION:
Remove or modify users to comply with your security policy.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Expand Severity Title Port/Service
1
"At" Command Configuration
QID:
105143
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/22/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The "At" command allows users to run executables on the system at arbitrary future times. Depending on site policy, this could be considered as a security threat.

The superuser may use these commands in any case. For other users, permission to use the "at" command is determined by the files /etc/at.allow and /etc/at.deny.

If the file /etc/at.allow exists, only usernames mentioned in the file are allowed to use the "at" command. If /etc/at.allow does not exist, /etc/at.deny is checked, and every username not mentioned in it is then allowed to use the "at" command. If neither file exists, only the superuser is allowed use of the "at" command. An empty /etc/at.deny means that all users are allowed access. This is the default configuration.

Note: The Results section is formatted in the following way: It first lists the "ls -la" permissions of any /etc/at.allow or /etc/at.deny files on the target. If present, the contents of the files are "cat"ed (at.deny is typically empty, so it will show up as white space). If the "ls -la" line and the contents of the corresponding file are not shown, it means the file does not exist on the target.

IMPACT:
N/A
SOLUTION:
Please check the configuration to ensure only authorized users of the system have access to the "at" command.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
-rw-r--r-- 1 root root 1 Jan 19 2012 /etc/at.deny
Expand Severity Title Port/Service
1
Linux - Network Parameter - tcp_max_syn_backlog Value
QID:
105301
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/01/2006
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The value specifies the maximum number of remembered connection requests which have not yet received an acknowledgment from the connecting client.
IMPACT:
N/A
SOLUTION:
The Center for Internet Security recommends that the value be set to 4096.

This value can be enabled in Linux by editing the /etc/sysctl.conf to reflect the following:
net.ipv4.tcp_max_syn_backlog = 4096

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
2048
Expand Severity Title Port/Service
1
Linux - Network Parameter - rp_filter Value
QID:
105302
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/11/2006
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The rp_filter can reject incoming packets if their source address doesn't match the network interface that they're arriving on.

The conf/all/rp_filter value is boolean:

0 - No source validation.

1 - Do source validation.

IMPACT:
If source validation is enabled this helps to prevent IP spoofing.
SOLUTION:
The Center for Internet Security recommends that the value be set to 1.

This value can be enabled in Linux by editing the /etc/sysctl.conf to reflect the following:
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
/proc/sys/net/ipv4/conf/all/rp_filter:0
Expand Severity Title Port/Service
1
Linux - Network Parameter - accept_source_route Value
QID:
105303
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/11/2006
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The accept_source_route value specifies how to handle packets with the SSR option set.

The conf/all/accept_source_route value is boolean:

0 - Do not accept packets

1 - Accept packets

IMPACT:
N/A
SOLUTION:
The Center for Internet Security recommends that the value be set to 0.

This value can be enabled in Linux by editing the /etc/sysctl.conf to reflect the following:
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
No results available
Expand Severity Title Port/Service
1
Linux - Network Parameter - accept_redirects Value
QID:
105304
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/11/2006
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The accept_redirects variable specifies if the system should accept ICMP redirect messages.

The conf/all/accept_redirects value is boolean:

0 - Do not accept ICMP redirect messages.

1 - Accept ICMP redirect messages.

IMPACT:
N/A
SOLUTION:
The Center for Internet Security recommends that the value be set to 0.

This value can be enabled in Linux by editing the /etc/sysctl.conf to reflect the following:
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
/proc/sys/net/ipv4/conf/all/accept_redirects:1
/proc/sys/net/ipv4/conf/default/accept_redirects:1
/proc/sys/net/ipv4/conf/eth0/accept_redirects:1
/proc/sys/net/ipv4/conf/eth1/accept_redirects:1
Expand Severity Title Port/Service
1
Linux - Network Parameter - secure_redirects Value
QID:
105306
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/11/2006
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The secure_redirects variable specifies if the system should accept ICMP redirect messages from any host, anywhere.

The conf/all/secure_redirects value is boolean:

0 - Accept ICMP redirect messages from any host.

1 - Accept ICMP redirect messages from gateways listed in default gateway list.

IMPACT:
N/A
SOLUTION:
The Center for Internet Security recommends that the value be set to 0.

This value can be enabled in Linux by editing the /etc/sysctl.conf to reflect the following:
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
/proc/sys/net/ipv4/conf/all/secure_redirects:1
/proc/sys/net/ipv4/conf/default/secure_redirects:1
/proc/sys/net/ipv4/conf/eth0/secure_redirects:1
/proc/sys/net/ipv4/conf/eth1/secure_redirects:1
Expand Severity Title Port/Service
1
Unix Environment Variables
QID:
115041
Category:
Local
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/10/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The result section shows environment variables on the target machine.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HOSTNAME=s192.schsr.unc.edu
TERM=vt100
SHELL=/bin/bash
HISTSIZE=1000
SSH_CLIENT=152.2.20.88 54319 22
QTDIR=/usr/lib64/qt-3.3
QTINC=/usr/lib64/qt-3.3/include
SSH_TTY=/dev/pts/0
USER=monitor
LS_COLORS=rs=0:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=01;05;37;41:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arj=01;31:*.taz=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.dz=01;31:*.gz=01;31:*.lz=01;31:*.xz=01;31:*.bz2=01;31:*.tbz=01;31:*.tbz2=01;31:*.bz=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.rar=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.jpg=01;35:*.jpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.axv=01;35:*.anx=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=01;36:*.au=01;36:*.flac=01;36:*.mid=01;36:*.midi=01;36:*.mka=01;36:*.mp3=01;36:*.mpc=01;36:*.ogg=01;36:*.ra=01;36:*.wav=01;36:*.axa=01;36:*.oga=01;36:*.spx=01;36:*.xspf=01;36:di=01;35:
MAIL=/var/spool/mail/monitor
PATH=/usr/lib64/qt-3.3/bin:/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin:/mnt/files/users/monitor/bin
PWD=/mnt/files/users/monitor
LANG=en_US.UTF-8
SSH_ASKPASS=/usr/libexec/openssh/gnome-ssh-askpass
HISTCONTROL=ignoredups
SHLVL=1
HOME=/mnt/files/users/monitor
ORIG_PATH=/usr/lib64/qt-3.3/bin:/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin:/mnt/files/users/monitor/bin
LOGNAME=monitor
QTLIB=/usr/lib64/qt-3.3/lib
CVS_RSH=ssh
SSH_CONNECTION=152.2.20.88 54319 152.2.35.192 22
LESSOPEN=|/usr/bin/lesspipe.sh %s
G_BROKEN_FILENAMES=1
_=/usr/bin/env
Expand Severity Title Port/Service
1
File System Information
QID:
115044
Category:
Local
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/10/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The result section lists file systems currently supported by the target host.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
nodev sysfs
nodev rootfs
nodev bdev
nodev proc
nodev cgroup
nodev cpuset
nodev tmpfs
nodev devtmpfs
nodev binfmt_misc
nodev debugfs
nodev securityfs
nodev sockfs
nodev usbfs
nodev pipefs
nodev anon_inodefs
nodev inotifyfs
nodev devpts
nodev ramfs
nodev hugetlbfs
iso9660
nodev pstore
nodev mqueue
ext3
xfs
nodev rpc_pipefs
nodev autofs
nodev nfsd
Expand Severity Title Port/Service
1
Hard Drive Device Information
QID:
115045
Category:
Local
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/10/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The results section displays the target system's current hard drives.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
#
# /etc/fstab
# Created by anaconda on Sat May 7 16:49:26 2011
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/VolGroup_ID_11572-LogVol1 / ext3 defaults 1 1
UUID=d3a137e4-71d2-4c1c-8069-a777aa7814b7 /boot ext3 defaults 1 2
/dev/mapper/VolGroup_ID_11572-LogVol2 /tmp ext3 defaults 1 2
/dev/mapper/VolGroup_ID_11572-LogVol5 /usr ext3 defaults 1 2
/dev/mapper/VolGroup_ID_11572-LogVol4 /var ext3 defaults 1 2
/dev/mapper/VolGroup_ID_11572-LogVol0 swap swap defaults 0 0
tmpfs /dev/shm tmpfs defaults 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0
sysfs /sys sysfs defaults 0 0
proc /proc proc defaults 0 0
/dev/VolGroup_ID_11572/LogVolHome /home ext3 defaults 1 2
/dev/sdb1 /mnt/nfs4 xfs defaults 0 0
/dev/sdc1 /mnt/backup-sheps xfs defaults 0 0
Expand Severity Title Port/Service
1
Disk Usage Information
QID:
115046
Category:
Local
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/10/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The result section shows the amount of free space left on currently mounted drives.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/mapper/VolGroup_ID_11572-LogVol1
3031760 435572 2442180 16% /
tmpfs 8157764 0 8157764 0% /dev/shm
/dev/sda2 198337 56675 131422 31% /boot
/dev/mapper/VolGroup_ID_11572-LogVol2
516040 16824 473004 4% /tmp
/dev/mapper/VolGroup_ID_11572-LogVol5
46638048 2507948 41760976 6% /usr
/dev/mapper/VolGroup_ID_11572-LogVol4
57411860 3924968 50570540 8% /var
/dev/mapper/VolGroup_ID_11572-LogVolHome
24351124 433676 22680456 2% /home
/dev/sdb1 3904036356 910526628 2993509728 24% /mnt/nfs4
/dev/sdc1 15621693440 6724852592 8896840848 44% /mnt/backup-sheps
Expand Severity Title Port/Service
1
Processor Information for Unix Target
QID:
115048
Category:
Local
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
11/02/2006
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The result section displays the processor information of the Unix based host system.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
No results available
Expand Severity Title Port/Service
1
Memory Information
QID:
115049
Category:
Local
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/22/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The results section shows the total amount of free and used physical memory and swap space on the host system in megabytes. It also shows buffers and cache consumed by the kernel.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
total used free shared buffers cached
Mem: 15933 15108 824 0 30 2236
-/+ buffers/cache: 12841 3091
Swap: 8191 0 8191
Total: 24125 15108 9016
Expand Severity Title Port/Service
1
cron.allow File Does Not Exist
QID:
115065
Category:
Local
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
06/23/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The "cron.allow" file was not found on this system.

The cron daemon runs shell commands at specified dates and times. It is executed upon system initialization and remains active while the system is operating in multi-user mode.

When the crontab command is invoked, it examines the files "cron.deny" and "cron.allow" in the system's cron directory to grant or revoke the modification of the crontab spool file. If a username appears in the "cron.allow" file, the crontab command may be executed. If that file does not exist and the user's name does not appear in the "cron.deny" file, then cron can be used.

IMPACT:
cron can potentially be invoked by users for whom it is not intended.
SOLUTION:
Check to be sure that the absence of the "cron.allow" file is in compliance with your organization's security policy.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
No results available
Expand Severity Title Port/Service
1
daemon.notice Entry Missing in syslog.conf
QID:
115068
Category:
Local
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
07/19/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The file /etc/syslog.conf contains information used by the system log daemon (syslogd) to forward a system message to appropriate log files and/or users. An entry of the form:

daemon.notice[Tab]logfile

ensures that all conditions involving daemons (such as ftpd) that are not error conditions are logged in a logfile. This entry was found to be missing from the syslog.conf file.

IMPACT:
N/A
SOLUTION:
Ensure that the absence of the daemon.notice entry is in compliance with your organization's security policy.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
grep: /etc/syslog.conf: No such file or directory
Expand Severity Title Port/Service
1
Kernel Routing Tables Information
QID:
125000
Category:
Forensics
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
02/22/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The result section displays the kernel routing tables for the target host.
IMPACT:
N/A
SOLUTION:
Check to be sure that the information reported adheres to your security policy.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
152.2.35.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
0.0.0.0 152.2.35.1 0.0.0.0 UG 0 0 0 eth0
Expand Severity Title Port/Service
1
Host File Information
QID:
125004
Category:
Forensics
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
08/08/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The /etc/hosts file is a local database that associates the names of hosts with their Internet Protocol (IP) addresses. The hosts file can be used in conjunction with, or instead of, other hosts databases including the Domain Name System (DNS), the NIS hosts map, and the NIS+ hosts table. Programs use library interfaces to access information in the hosts file.
IMPACT:
The /etc/hosts file can be tampered with in such a way that a hostname is translated into a malicious IP.
SOLUTION:
Make sure that the configuration reported adheres to your security policy.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
127.0.0.1 localhost.localdomain localhost
::1 s192.schsr.unc.edu s192 localhost6.localdomain6 localhost6
152.2.35.103 puppet
152.2.35.99 datasets
152.2.35.82 cecil
152.2.35.88 sas_intrnet
152.2.35.208 web1dev
152.2.35.211 crc crcseniors
Expand Severity Title Port/Service
1
SSH daemon information retrieving port 22/tcp
QID:
38047
Category:
General remote services
CVE ID:
CVE-1999-0634
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
04/21/2009
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
SSH is a secure protocol, provided it is fully patched, properly configured, and uses FIPS approved algorithms.


For Red Hat ES 4:-

SSH1 supported					yes

Supported authentification methods for SSH1	RSA,password

Supported ciphers for SSH1			3des,blowfish

SSH2 supported					yes

Supported keys exchange algorithm for SSH2	diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

Supported decryption ciphers for SSH2		aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr

Supported encryption ciphers for SSH2		aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr

Supported decryption mac for SSH2		hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

Supported encryption mac for SSH2		hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

Supported authentification methods for SSH2	publickey,gssapi-with-mic,password

IMPACT:
Successful exploitation allows an attacker to execute arbitrary commands on the SSH server or otherwise subvert an encrypted SSH channel with arbitrary data.
SOLUTION:
SSH version 2 is preferred over SSH version 1.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
SSH1 supported                              no
SSH2 supported                              yes
Supported keys exchange algorithm for SSH2  diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1
Supported decryption ciphers for SSH2       aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se
Supported encryption ciphers for SSH2       aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se
Supported decryption mac for SSH2           hmac-md5, hmac-sha1, umac-64@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-sha1-96, hmac-md5-96
Supported encryption mac for SSH2           hmac-md5, hmac-sha1, umac-64@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-sha1-96, hmac-md5-96
Supported authentication methods for SSH2   password, publickey
Expand Severity Title Port/Service
1
SSH Banner port 22/tcp
QID:
38050
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
02/04/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
SSH-2.0-OpenSSH_5.3
Expand Severity Title Port/Service
1
Unix Authentication Method port 22/tcp
QID:
38307
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
09/06/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Unix authentication was performed. The Result section in your detailed results displays the authentication method that was used for this host.

Unix authentication is used to obtain remote access to different command line services such as SSH, telnet and rlogin. Specified credentials must include a user name and may include a password, an RSA private key and/or a DSA private key. When authenticating to target hosts that support SSH2, authentication is attempted in the following order: 1) RSA key, 2) DSA key and 3) user name and password. For target hosts that only support SSH1, only the supplied user name and password are used for authentication.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
User Name              monitor
Authentication Scheme  DSA Key
Protocol               SSH Version 2
Discovery Method       Login credentials provided by user
Using sudo             No
Authentication Record  DSA Authentication
Expand Severity Title Port/Service
3
Administrator Account's Password Does Not Expire
 
QID:
90080
Category:
Windows
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
04/26/2013
User Modified:
-
Edited:
No
PCI Vuln:
Yes
CVSS Base:
7.5[1]
CVSS Temporal:
7.1
THREAT:
The scanner probed the Security & Accounts Database (SAM) and found that the target Windows box's Administrator account has a password that does not expire.
IMPACT:
Depending on the site's policy, this may be considered a security vulnerability since it allows attackers an infinite duration to try bruteforcing (guessing over multiple login attempts) the password for the account.
SOLUTION:
Reconfigure the Administrator account's properties to expire the password after a specified duration per the site's policy. Ideally, domain-wide policies should be set on the Domain Controller so that all Windows hosts on the domain comply automatically, and each individual host does not need to be configured.

Note that the Administrator account on the Domain Controller(s) will always have a password that does not expire, since the option check box in the properties dialog box for this account is greyed out.

Additional details can be found under QID 45031 "Accounts Enumerated From SAM Database Whose Passwords Do Not Expire."

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
No results available
Expand Severity Title Port/Service
3
Microsoft Windows win32k.sys Local Kernel Denial of Service Vulnerability - Zero Day
 
QID:
90599
Category:
Windows
CVE ID:
CVE-2010-1734
Vendor Reference
-
Bugtraq ID:
39631
Service Modified:
04/22/2010
User Modified:
-
Edited:
No
PCI Vuln:
No
CVSS Base:
4.9
CVSS Temporal:
4.4
THREAT:
Windows kernel is the core of the operating system. It provides system level services such as device management and memory management, allocates processor time to processes, and manages error handling.

Windows kernel is exposed to a denial of service vulnerability caused by an error in the Win32k.sys file. Specifically, the SfnINSTRING function is affected.

Affected Versions:
Microsoft Windows 2000, XP and 2003 32bit Operating Systems.

IMPACT:
Successfully exploiting this vulnerability might allow a local attacker to cause denial-of-service.
SOLUTION:
There are no vendor supplied patches available at this time.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
Reference:
CVE-2010-1734
Description:
Windows 2000/XP/2003 win32k.sys SfnINSTRING local kernel Denial of Service Vulnerability - The Exploit-DB Ref : 12337
Link:
http://www.exploit-db.com/exploits/12337
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Microsoft Windows win32k.sys local kernel Denial of Service (BSoD) Vulnerability
Expand Severity Title Port/Service
3
SSL Server Has SSLv2 Enabled Vulnerability port 443/tcp over SSL
 
QID:
38139
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/09/2012
User Modified:
-
Edited:
No
PCI Vuln:
Yes
CVSS Base:
4[1]
CVSS Temporal:
3.6
THREAT:
The Secure Socket Layer (SSL) protocol allows for secure communication between a client and a server.

There are known flaws in the SSLv2 protocol. A man-in-the-middle attacker can force the communication to a less secure level and then attempt to break the weak encryption. The attacker can also truncate encrypted messages.

These flaws have been fixed in SSLv3 (or TLSv1). Most servers (including all popular Web servers, mail servers, etc.) and clients (including Web-clients like IE, Netscape Navigator and Mozilla and mail clients) support both SSLv2 and SSLv3. However, SSLv2 is enabled by default for backward compatibility.

The following link provides more information about this vulnerability:
Analysis of the SSL 3.0 Protocol

IMPACT:
An attacker can exploit this vulnerability to read secure communications or maliciously modify messages.
SOLUTION:
Disable SSLv2.

Typically, for Apache/mod_ssl, httpd.conf or ssl.conf should have the following lines:
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM

For Apache/apache_ssl, httpd.conf or ssl.conf should have the following line:
SSLNoV2

How to disable SSLv2 on IIS : Microsoft Knowledge Base Article - 187498
How to Restrict the Use of Certain Cryptographic Algorithms and Protocols in Schannel.dll : Microsoft Knowledge Base Article - 245030

For IIS 7, refer to the article How to Disable SSL 2.0 in IIS 7 for further information.

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Established SSLv2 connection using DES-CBC3-MD5 cipher.
Expand Severity Title Port/Service
2
Hidden RPC Services
 
QID:
11
Category:
RPC
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/01/1999
User Modified:
-
Edited:
No
PCI Vuln:
Yes
CVSS Base:
5[1]
CVSS Temporal:
3.6
THREAT:
The Portmapper/Rpcbind listens on port 111 and stores an updated list of registered RPC services running on the server (RPC name, version and port number). It acts as a "gateway" for clients wanting to connect to any RPC daemon.

When the portmapper/rpcbind is removed or firewalled, standard RPC client programs fail to obtain the portmapper list. However, by sending carefully crafted packets, it's possible to determine which RPC programs are listening on which port. This technique is known as direct RPC scanning. It's used to bypass portmapper/rpcbind in order to find RPC programs running on a port (TCP or UDP ports). On Linux servers, RPC services are typically listening on privileged ports (below 1024), whereas on Solaris, RPC services are on temporary ports (starting with port 32700).

IMPACT:
Unauthorized users can build a list of RPC services running on the host. If they discover vulnerable RPC services on the host, they then can exploit them.
SOLUTION:
Firewalling the portmapper port or removing the portmapper service is not sufficient to prevent unauthorized users from accessing the RPC daemons. You should remove all RPC services that are not strictly required on this host.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Name             Program  Version  Protocol  Port
portmap/rpcbind  100000   2        tcp       111
Expand Severity Title Port/Service
2
Global User List
 
QID:
45002
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
04/08/2009
User Modified:
-
Edited:
No
PCI Vuln:
Yes
CVSS Base:
5[1]
CVSS Temporal:
4.7
THREAT:
This is the global system user list, which was retrieved during the scan by exploiting one or more vulnerabilities. The Qualys IDs for the vulnerabilities leading to the disclosure of these users are also given in the Result section. Each user will be displayed only once, even though it may be obtained by using different methods.
IMPACT:
These common account(s) can be used by a malicious user to break into the system via password bruteforcing.
SOLUTION:
To prevent your host from being attacked, do one or more of the following:
  • Remove (or rename) unnecessary accounts
  • Shut down unnecessary network services
  • Ensure the passwords to these accounts are kept secret
  • Use a firewall to restrict access to your hosts from unauthorized domains
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
User Name         Source Vulnerability (QualysID)
Administrator     45032, 45031
hsl.guest         90266, 45027, 45031
SUPPORT_388945a0  45027, 45031
ASPNET            45031
ILLiadAdmin       45031
IUSR_UNCHSL10     45031
IWAM_UNCHSL10     45031
Expand Severity Title Port/Service
2
NetBIOS Name Accessible
 
QID:
70000
Category:
SMB / NETBIOS
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
04/28/2009
User Modified:
-
Edited:
No
PCI Vuln:
No
CVSS Base:
0[1]
CVSS Temporal:
0
THREAT:
Unauthorized users can obtain this host's NetBIOS server name from a remote system.
IMPACT:
Unauthorized users can obtain the list of NetBIOS servers on your network. This list outlines trust relationships between server and client computers. Unauthorized users can therefore use a vulnerable host to penetrate secure servers.
SOLUTION:
If the NetBIOS service is not required on this host, disable it. Otherwise, block any NetBIOS traffic at your network boundaries.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
UNCHSL10
Expand Severity Title Port/Service
2
Default Windows Administrator Account Name Present
 
QID:
90081
Category:
Windows
CVE ID:
CVE-1999-0585
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
06/04/2009
User Modified:
-
Edited:
No
PCI Vuln:
No
CVSS Base:
2.1
CVSS Temporal:
2
THREAT:
The scanner probed the LSA, Local Security Authority, for the administrator account's name. The target has the default/out-of-the-box name "Administrator" set.
IMPACT:
Most attackers and malicious scripts assume an administrator account name of "Administrator" on Windows systems. If the target has not changed this name, it will simplify the task of the attacker, for example in bruteforcing the password for the account.
SOLUTION:
Change the administrator account's name to a non-default value.

Please note that if the scanner has been configured to use Windows Authentication and uses the local administrator account (as against a domain-admin account) to scan this target, the scanner will need to be reconfigured to use the new administrator account name instead.

COMPLIANCE:
Type: CobIT
Section: DS5.4
Description: User Account Management Ensure that requesting, establishing, issuing, suspending, modifying and closing user accounts and related user privileges are addressed by user account management. An approval procedure outlining the data or system owner granting the access privileges should be included. These procedures should apply for all users, including administrators (privileged users), internal and external users, for normal and emergency cases. Rights and obligations relative to access to enterprise systems and information are contractually arranged for all types of users. Perform regular management review of all accounts and related privileges.

EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Administrator
Expand Severity Title Port/Service
2
Microsoft Windows Remote Desktop Protocol Server Private Key Disclosure
 
QID:
90250
Category:
Windows
CVE ID:
CVE-2005-1794
Vendor Reference
-
Bugtraq ID:
13818
Service Modified:
01/07/2010
User Modified:
-
Edited:
No
PCI Vuln:
Yes
CVSS Base:
6.4
CVSS Temporal:
6.1
THREAT:
Microsoft Windows Remote Desktop Protocol is affected by a private key disclosure vulnerability.

When an RDP client initiates a session with an RDP server, the server responds with a server certificate containing an RSA public key and its digital signature. The client decrypts the signature using the server's public key and compares the result with the hash of the new public key received from the server to verify the identity of the server.

The vulnerability presents itself because a private key that is used to sign the Terminal Server public key is hardcoded in "mstlsapi.dll". A subroutine of the "TLSInit" API dynamically creates, uses and de-allocates this key.

IMPACT:
Successful exploitation can allow the attacker to disclose the key and calculate a valid signature to carry out man in the middle attacks. An attacker could therefore cause the client to connect to a server under their control and send the client a public key to which they possess the private key.
SOLUTION:
There are no vendor-supplied solutions available at this time.

Workarounds:
- As there is no patch, this vulnerability should be mitigated by using some semblance of network filtering (e.g., firewalling RDP off from the open Internet).

For Windows Server 2003, the security of Terminal Server can be enhanced by configuring Terminal Services connections to use Transport Layer Security (TLS) 1.0 for server authentication, and to encrypt terminal server communications. Please refer to cc782610 to obtain additional details.

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Detected service win_remote_desktop and os WINDOWS 2003
Expand Severity Title Port/Service
5
Microsoft Windows GDI+ Remote Code Execution Vulnerability (MS09-062)
 
QID:
90551
Category:
Windows
CVE ID:
CVE-2009-2500 CVE-2009-2501 CVE-2009-2502 CVE-2009-2503 CVE-2009-2504 CVE-2009-3126 CVE-2009-2528 CVE-2009-2518
Vendor Reference
MS09-062
Bugtraq ID:
-
Service Modified:
09/07/2012
User Modified:
-
Edited:
No
PCI Vuln:
Yes
CVSS Base:
9.3
CVSS Temporal:
7.3
THREAT:
GDI+ is a graphics device interface that provides two-dimensional vector graphics, imaging, and typography to applications and programmers.

Microsoft has released updates to address the following issues:

- A remote code execution vulnerability exists in the way that GDI+ allocates buffer size when handling WMF image files. The vulnerability could allow remote code execution if a user opens a specially crafted WMF image file or browses to a Web site that contains specially crafted content. (CVE-2009-2500)

- A remote code execution vulnerability exists in the way that GDI+ allocates memory. The vulnerability could allow remote code execution if a user opens a specially crafted PNG image file. (CVE-2009-2501)

- A remote code execution vulnerability exists in the way that GDI+ allocates memory. The vulnerability could allow remote code execution if a user opens a specially crafted TIFF file. (CVE-2009-2502, CVE-2009-2503)

- A remote code execution vulnerability exists in GDI+ that can allow a malicious Microsoft .NET application to gain unmanaged code execution privileges. This vulnerability is caused by an integer overflow in certain GDI+ APIs that are accessible from .NET Framework applications. (CVE-2009-2504)

- A remote code execution vulnerability exists in the way that GDI+ allocates memory. The vulnerability could allow remote code execution if a user opens a specially crafted PNG image file. (CVE-2009-3126)

- A remote code execution vulnerability exists in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file that includes a malformed object. (CVE-2009-2528)

- A remote code execution vulnerability exists in the way that Microsoft Office handles specially crafted Office Documents containing BMP images. The vulnerability could allow remote code execution if an Outlook user opens a specially crafted e-mail or opens an Office Document with a malformed Bitmap file. (CVE-2009-2518)

Windows XP Embedded Systems:- For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):

October 2009 Security Database Updates are Available (KB958869)

IMPACT:
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
SOLUTION:

Patch:
Following are links for downloading patches to fix the vulnerabilities:

MS09-062: Windows XP Service Pack 2 and Windows XP Service Pack 3

MS09-062: Windows XP Professional x64 Edition Service Pack 2

MS09-062: Windows Server 2003 Service Pack 2

MS09-062: Windows Server 2003 x64 Edition Service Pack 2

MS09-062: Windows Server 2003 with SP2 for Itanium-based Systems

MS09-062: Windows Vista and Windows Vista Service Pack 1

MS09-062: Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1

MS09-062: Windows Server 2008 for 32-bit Systems

MS09-062: Windows Server 2008 for x64-based Systems

MS09-062: Windows Server 2008 for Itanium-based Systems

MS09-062: Microsoft Windows 2000 Service Pack 4 (Microsoft Internet Explorer 6 Service Pack 1)

MS09-062: Microsoft Windows 2000 Service Pack 4 (Microsoft .NET Framework 1.1 Service Pack 1)

MS09-062: Microsoft Windows 2000 Service Pack 4 (Microsoft .NET Framework 2.0 Service Pack 1)

MS09-062: Microsoft Windows 2000 Service Pack 4 (Microsoft .NET Framework 2.0 Service Pack 2)

MS09-062: Microsoft Office XP Service Pack 3

MS09-062: Microsoft Office 2003 Service Pack 3

MS09-062: 2007 Microsoft Office System Service Pack 1

MS09-062: 2007 Microsoft Office System Service Pack 2

MS09-062: Microsoft Office Project 2002 Service Pack 1

MS09-062: Microsoft Office Visio 2002 Service Pack 2

MS09-062: Microsoft Office Word Viewer, Microsoft Word Viewer 2003, Microsoft Word Viewer 2003 Service Pack 3, Microsoft Office Excel Viewer 2003, Microsoft Office Excel Viewer 2003 Service Pack 3

MS09-062: Microsoft Office Excel Viewer, PowerPoint Viewer 2007, PowerPoint Viewer 2007 Service Pack 1

MS09-062: PowerPoint Viewer 2007 Service Pack 2

MS09-062: Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1

MS09-062: Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2

MS09-062: Microsoft Expression Web and Microsoft Expression Web 2

MS09-062: Microsoft Office Groove 2007 and Microsoft Office Groove 2007 Service Pack 1

MS09-062: Microsoft Works 8.5

MS09-062: SQL Server 2000 Reporting Services Service Pack 2

MS09-062: SQL Server 2005 Service Pack 2

MS09-062: SQL Server 2005 Service Pack 2

MS09-062: SQL Server 2005 x64 Edition Service Pack 2

MS09-062: SQL Server 2005 x64 Edition Service Pack 2

MS09-062: SQL Server 2005 for Itanium-based Systems Service Pack 2

MS09-062: SQL Server 2005 for Itanium-based Systems Service Pack 2

MS09-062: SQL Server 2005 Service Pack 3

MS09-062: SQL Server 2005 Service Pack 3

MS09-062: SQL Server 2005 x64 Edition Service Pack 3

MS09-062: SQL Server 2005 x64 Edition Service Pack 3

MS09-062: SQL Server 2005 for Itanium-based Systems Service Pack 3

MS09-062: SQL Server 2005 for Itanium-based Systems Service Pack 3

MS09-062: Microsoft Visual Studio .NET 2003 Service Pack 1

MS09-062: Microsoft Visual Studio 2005 Service Pack 1

MS09-062: Microsoft Visual Studio 2008

MS09-062: Microsoft Visual Studio 2008 Service Pack 1

MS09-062: Microsoft Report Viewer 2005 Service Pack 1 Redistributable Package

MS09-062: Microsoft Report Viewer 2008 Redistributable Package

MS09-062: Microsoft Report Viewer 2008 Redistributable Package Service Pack 1

MS09-062: Microsoft Visual FoxPro 8.0 Service Pack 1

MS09-062: Microsoft Visual FoxPro 9.0 Service Pack 2

MS09-062: Microsoft Platform SDK Redistributable: GDI+

MS09-062: Microsoft Forefront Client Security 1.0

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
Reference:
CVE-2009-2528
Description:
Microsoft Office Drawing Format Shape Exploit (MS09-062) - Core Security Category : Exploits/Client Side
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Windows Server 2003 Service Pack 2 detected remotely
Expand Severity Title Port/Service
2
Windows User Accounts With Unchanged Passwords
 
QID:
105236
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/11/2009
User Modified:
-
Edited:
No
PCI Vuln:
No
CVSS Base:
0[1]
CVSS Temporal:
0
THREAT:
The target Microsoft Windows system has some user accounts with passwords which have never changed. This may include any disabled accounts that you may have.
IMPACT:
N/A
SOLUTION:
Please check whether this adheres to your security policy and remove unwanted accounts.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
hsl.guest
Expand Severity Title Port/Service
3
Remote Access or Management Service Detected
QID:
42017
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
10/17/2011
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
A remote access or remote management service was detected. If such a service is accessible to malicious users, it can be used to carry out different types of attacks. Malicious users could try to brute force credentials or collect additional information on the service, which could help them craft further attacks.

The Results section includes information on the remote access service that was found on the target.

Services like Telnet, Rlogin, SSH, windows remote desktop, pcAnywhere, Citrix Management Console, Remote Admin (RAdmin), VNC, OPENVPN and ISAKMP are checked.

IMPACT:
Consequences vary by the type of attack.
SOLUTION:
Expose the remote access or remote management services only to the system administrators or intended users of the system.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Service name: Remote Desktop on TCP port 3389.
Expand Severity Title Port/Service
3
Accounts Enumerated From SAM Database Whose Passwords Do Not Expire
QID:
45031
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
08/30/2004
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The Security Accounts Manager holds user and machine account information. The scanner found at least one user or machine account in the SAM database for the target Windows machine whose password does not expire. The accounts are listed in the Result section.
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
User/Machine Accounts With Passwords That Do Not Expire:
Administrator ASPNET hsl.guest ILLiadAdmin IUSR_UNCHSL10
IWAM_UNCHSL10 SUPPORT_388945a0
Expand Severity Title Port/Service
3
NetBIOS Bindings Information
QID:
70004
Category:
SMB / NETBIOS
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/09/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The following bindings were detected on this computer. Bindings have many purposes. They reflect such things as users logged-in, registration of a user name, registration of a service in a domain, and registering of a NetBIOS name.
IMPACT:
Unauthorized users can use this information in further attacks against the host. A list of logged-in users on the target host/network can potentially be used to launch social engineering attacks.
SOLUTION:
This service uses the UDP and TCP port 137. Typically, this port should not be accessible to external networks, and should be firewalled.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Name      Service                    NetBIOS Suffix
UNCHSL10  Workstation Service        0x0
AD        Domain Name                0x0
UNCHSL10  File Server Service        0x20
AD        Browser Service Elections  0x1e
Expand Severity Title Port/Service
3
NetBIOS Shared Folders
QID:
70030
Category:
SMB / NETBIOS
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
10/29/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The following NetBIOS shared folders have been detected.
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Device Name  Comment        Type         Label  Size   Description
ADL                         0            Sites  75 GB  Disk (mounted)
C$           Default share  -2147483648
NCHIO                       0            Sites  75 GB  Disk (mounted)
inetpub                     0            Sites  75 GB  Disk (mounted)
F$           Default share  -2147483648
IPC$         Remote IPC     -2147483645
ADMIN$       Remote Admin   -2147483648
D$           Default share  -2147483648
Production                  0            Sites  75 GB  Disk (mounted)
E$                          -2147483648
Expand Severity Title Port/Service
3
Hotfix KB2264107 (DLL hijacking) Installed
QID:
90634
Category:
Windows
CVE ID:
-
Vendor Reference
KB2264107
Bugtraq ID:
-
Service Modified:
08/31/2010
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
A new CWDIllegalInDllSearch registry entry is available to control the DLL search path algorithm. The DLL search path algorithm is used by the LoadLibrary API and the LoadLibraryEx API when DLLs are loaded without specifying a fully qualified path.

Refer to Microsoft KB article 2264107 to obtain additional details.

IMPACT:
Successfully exploiting these vulnerabilities might allow a remote user to cause denial of service or bypass some security restrictions to access some files.
SOLUTION:
Refer to KB2264107 for further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

KB2264107: Windows XP 32 bit Edition

KB2264107: Windows XP 64 bit Edition

KB2264107: Windows Server 2003 - 32 bit

KB2264107: Windows Server 2003 - 64 bit

KB2264107: Windows Vista - 32 bit

KB2264107: Windows Vista - 64 bit

KB2264107: Windows 2008-32 bit

KB2264107: Windows 2008-64 Bit

KB2264107: Windows Server 2008 R2 for Itanium-based Systems

KB2264107: Windows Server 2008 R2 for x64-based Systems

KB2264107: Windows 7 for 32-bit Systems

KB2264107: Windows 7 for 64-bit Systems

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Hotfix KB2264107 is installed
Expand Severity Title Port/Service
2
Operating System Detected
QID:
45017
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
02/09/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Several different techniques can be used to identify the operating system (OS) running on a host. A short description of these techniques is provided below. The specific technique used to identify the OS on this host is included in the RESULTS section of your report.

1) TCP/IP Fingerprint: The operating system of a host can be identified from a remote system using TCP/IP fingerprinting. All underlying operating system TCP/IP stacks have subtle differences that can be seen in their responses to specially-crafted TCP packets. According to the results of this "fingerprinting" technique, the OS version is among those listed below.

Note that if one or more of these subtle differences are modified by a firewall or a packet filtering device between the scanner and the host, the fingerprinting technique may fail. Consequently, the version of the OS may not be detected correctly. If the host is behind a proxy-type firewall, the version of the operating system detected may be that for the firewall instead of for the host being scanned.

2) NetBIOS: Short for Network Basic Input Output System, an application programming interface (API) that augments the DOS BIOS by adding special functions for local-area networks (LANs). Almost all LANs for PCs are based on the NetBIOS. Some LAN manufacturers have even extended it, adding additional network capabilities. NetBIOS relies on a message format called Server Message Block (SMB).

3) PHP Info: PHP is a hypertext pre-processor, an open-source, server-side, HTML-embedded scripting language used to create dynamic Web pages. Under some configurations it is possible to call PHP functions like phpinfo() and obtain operating system information.

4) SNMP: The Simple Network Monitoring Protocol is used to monitor hosts, routers, and the networks to which they attach. The SNMP service maintains a Management Information Base (MIB), a set of variables (a database) that can be fetched by Managers. These include "MIB_II.system.sysDescr" for the operating system.

IMPACT:
Not applicable.
SOLUTION:
Not applicable.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Operating System                                                  Technique               ID
Windows Server 2003 Service Pack 2                                Windows Registry
Windows 2003                                                      TCP/IP Fingerprint      U1751:80
Windows 2003/XP 64 bit Edition                                    NTLMSSP
Windows Server 2003 3790 Service Pack 2/Windows Server 2003 5.2   CIFS via TCP Port 445
cpe:/o:microsoft:windows 2003 server::sp2::                       CPE
Expand Severity Title Port/Service
2
Windows Effective Password Policy Information Gathering Via SAM Database
QID:
45026
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
07/29/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
This check probes the SAM database on the target host for password policy information. Information gathered is:

Minimum Password Age in Days
Maximum Password Age in Days
Minimum Password Length in Characters
Password History (Number of old passwords remembered)

The policy is the effective policy, which is a combination of the local policy settings (if any) and the domain-wide policy settings made on the Domain Controller(s) for the domain.

This probe requires authentication to be successful.

IMPACT:
This password policy information may be used for auditing a Windows-based network for password policy compliance of its nodes. An attacker with a working account can use it to query the network and obtain information.
SOLUTION:
N/A
COMPLIANCE:
Type: CobIT
Section: DS5.4
Description: DS5.4 User Account Management Ensure that requesting, establishing, issuing, suspending, modifying and closing user accounts and related user privileges are addressed by user account management. An approval procedure outlining the data or system owner granting the access privileges should be included. These procedures should apply for all users, including administrators (privileged users), internal and external users, for normal and emergency cases. Rights and obligations relative to access to enterprise systems and information are contractually arranged for all types of users. Perform regular management review of all accounts and related privileges.

Type: GLBA
Section: N/A
Description: Ensure the confidentiality and protection of passwords through secure password creation and distribution mechanisms.

Type: HIPAA
Section: 164.308(a)(5)(ii)(D)
Description: Password management Procedures for creating, changing, and safeguarding passwords.

Type: SOX
Section: N/A
Description: User Access Management Granting resource access, user ID and password requirements, individual accountability, limited utilization of native administrative IDs, non-employee user ID expiration, reporting employee and contractor status changes. Operating System Access Control Password enforcement, logon information, password display and printing, required password changes, vendor default passwords, security changes after system compromise, systems software utility usage, automatic log off. Password Management Procedures exist that ensure the confidentiality and protection of passwords through secure password creation and distribution mechanisms, the enforcement and adherence to acceptable password standards, and the regular changing of passwords.

EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Effective Password Policy:

Minimum Password Length - 0 (Not defined/Infinite).
Password History Length - 0 (Not defined/Infinite).
Minimum Password Age - 0 (Not defined/Infinite).
Maximum Password Age - 42 Days.
Password Complexity - Not Set.
Store Password Using Reversible Encryption - Not Set.
Expand Severity Title Port/Service
2
Windows Domain Effective Account Lockout Policy Information Gathered Via SAM Database
QID:
45028
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
12/30/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The Security and Accounts Manager (SAM) Database of any Windows host participating in a Windows Domain has information about the account lockout policy set on that system. Such information was gathered from the target and is shown in the Results section below.

Note that if the Domain Controller/Active Directory on this domain also enforces a policy, the Domain Controller policy overrides the local policies (if any) of each host. Further, it takes up to a couple of minutes for changes to the Domain Controller policy to be propagated to all the individual hosts on that domain.

SOLUTION:
 
COMPLIANCE:
Type: CobIT
Section: DS5.4
Description: User Account Management Ensure that requesting, establishing, issuing, suspending, modifying and closing user accounts and related user privileges are addressed by user account management. An approval procedure outlining the data or system owner granting the access privileges should be included. These procedures should apply for all users, including administrators (privileged users), internal and external users, for normal and emergency cases. Rights and obligations relative to access to enterprise systems and information are contractually arranged for all types of users. Perform regular management review of all accounts and related privileges.

Type: GLBA
Section: N/A
Description: Ensure that accounts are locked after unsuccessful login attempts.

Type: HIPAA
Section: 164.312(a)(1)
Description: Standard: Access Control Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights as specified in 164.308(a)(4).

Type: SOX
Section: N/A
Description: Ensure that accounts are locked after unsuccessful login attempts and that failed login attempts are logged.

EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Effective Account Lockout Policy:

Maximum Failed Logon Attempts Before Lockout - 0 (Not defined/Infinite/Will Not Lockout).
Lockout Logon-Attempts-Counter Duration - 15 Minutes.
Lockout Duration - 15 Minutes.
Expand Severity Title Port/Service
2
Open DCE-RPC / MS-RPC Services List
QID:
70022
Category:
SMB / NETBIOS
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
06/06/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The following DCE-RPC / MS-RPC services are active on the remote host.
IMPACT:
N/A
SOLUTION:
Shut down any unknown or unused service on the list. In Windows, this is done in the "Services" Control Panel. In other environments, this usually requires editing a configuration file or start-up script. If you have provided Windows Authentication credentials, the Microsoft Registry service supporting the named pipe "\PIPE\winreg" must be present to allow CIFS to access the Registry.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Description                            Version  TCP Ports  UDP Ports  HTTP Ports  NetBIOS/CIFS Pipes
DCE Endpoint Mapper                    3.0                                        \PIPE\epmapper
DCE Remote Management                  1.0                                        \PIPE\epmapper
DCOM OXID Resolver                     0.0                                        \PIPE\epmapper
DCOM Remote Activation                 0.0                                        \PIPE\epmapper
DCOM System Activator                  0.0                                        \PIPE\epmapper
Microsoft Event Log Service            0.0                                        \PIPE\eventlog
Microsoft Local Security Architecture  0.0                                        \PIPE\lsarpc
Microsoft Network Logon                1.0                                        \PIPE\NETLOGON
Microsoft Registry                     1.0                                        \PIPE\winreg
Microsoft Scheduler Control Service    1.0                                        \PIPE\atsvc
Microsoft Security Account Manager     1.0      1029                              \PIPE\samr, \PIPE\lsass
Microsoft Server Service               3.0                                        \PIPE\browser, \PIPE\srvsvc, \PIPE\wkssvc
Microsoft Service Control Service      2.0                                        \PIPE\svcctl
Microsoft Spool Subsystem              1.0      1029                              \PIPE\lsass
Microsoft Task Scheduler               1.0                                        \PIPE\atsvc
Microsoft Workstation Service          1.0                                        \PIPE\wkssvc
RPC Browser                            0.0                                        \PIPE\browser
WinHttp Auto-Proxy Service             5.1                                        \PIPE\W32TIME_ALT
RPC ROUTER SERVICE                     1.0                                        \PIPE\ROUTER
Microsoft Workstation Service          1.0                                        \PIPE\BROWSER
ICF+ FW API                            1.0                                        \PIPE\ROUTER, \pipe\trkwks, \PIPE\srvsvc, \pipe\keysvc, \PIPE\wkssvc, \PIPE\atsvc
Unimodem LRPC Endpoint                 1.0                                        \pipe\tapsrv
Expand Severity Title Port/Service
2
Real Name of Built-in Guest Account Enumerated
QID:
90266
Category:
Windows
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
08/30/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Microsoft best practices documents recommend renaming the built-in Guest account. This test enumerates the actual name of the built-in Guest account.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
hsl.guest
Expand Severity Title Port/Service
2
Microsoft Windows Registry Critical Keys Security Policy
QID:
105177
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
04/21/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
This test enumerates the Access Control Lists associated with some of the critical registry paths on the Windows system.
IMPACT:
Insecure ACL settings can allow an unprivileged user to control configuration of system components.
SOLUTION:
Make sure that only privileged user accounts have access to these keys.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
------------------------------------------------------------
HKU\.Default
------------------------------------------------------------
Users access_allowed standard_read generic_read enum_subkeys notify query_value
Power_Users access_allowed standard_read generic_read enum_subkeys notify query_value
Administrators access_allowed generic_all full_control
SYSTEM access_allowed generic_all full_control
Creator_Owner access_allowed container_inherit=true inherit_only=true generic_all
------------------------------------------------------------
HKU\.Default\Software\Microsoft\Protected Storage System Provider
------------------------------------------------------------
Users access_allowed standard_read generic_read enum_subkeys notify query_value
Power_Users access_allowed standard_read generic_read enum_subkeys notify query_value
Administrators access_allowed generic_all full_control
SYSTEM access_allowed generic_all full_control
Creator_Owner access_allowed container_inherit=true inherit_only=true generic_all
------------------------------------------------------------
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion
------------------------------------------------------------
Users access_allowed standard_read generic_read enum_subkeys notify query_value
Power_Users access_allowed standard_read standard_delete set_value query_value create_subkey enum_subkeys notify generic_read generic_write
Administrators access_allowed generic_all full_control
SYSTEM access_allowed generic_all full_control
Creator_Owner access_allowed container_inherit=true inherit_only=true generic_all
Terminal_Server_Users access_allowed standard_read standard_delete set_value query_value create_subkey enum_subkeys notify generic_read generic_write
------------------------------------------------------------
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print
------------------------------------------------------------
Users access_allowed standard_read generic_read enum_subkeys notify query_value
Power_Users access_allowed standard_read standard_delete set_value query_value create_subkey enum_subkeys notify generic_read generic_write
Administrators access_allowed generic_all full_control
SYSTEM access_allowed generic_all full_control
Creator_Owner access_allowed container_inherit=true inherit_only=true generic_all
Terminal_Server_Users access_allowed standard_read standard_delete set_value query_value create_subkey enum_subkeys notify generic_read generic_write
------------------------------------------------------------
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
------------------------------------------------------------
Users access_allowed standard_read generic_read enum_subkeys notify query_value
Power_Users access_allowed standard_read generic_read enum_subkeys notify query_value
Administrators access_allowed generic_all full_control
SYSTEM access_allowed generic_all full_control
Creator_Owner access_allowed container_inherit=true inherit_only=true generic_all
------------------------------------------------------------
HKLM\SYSTEM\CurrentControlSet\Control\ContentIndex
------------------------------------------------------------
Users access_allowed standard_read generic_read enum_subkeys notify query_value
Power_Users access_allowed standard_read generic_read enum_subkeys notify query_value
Administrators access_allowed generic_all full_control
SYSTEM access_allowed generic_all full_control
Creator_Owner access_allowed container_inherit=true inherit_only=true generic_all
------------------------------------------------------------
HKLM\SYSTEM\CurrentControlSet\Control\Print\Printers
------------------------------------------------------------
Users access_allowed standard_read generic_read enum_subkeys notify query_value
Power_Users access_allowed standard_read standard_delete set_value query_value create_subkey enum_subkeys notify generic_read generic_write
Administrators access_allowed generic_all full_control
SYSTEM access_allowed generic_all full_control
Creator_Owner access_allowed container_inherit=true inherit_only=true generic_all
Terminal_Server_Users access_allowed standard_read standard_delete set_value query_value create_subkey enum_subkeys notify generic_read generic_write
------------------------------------------------------------
HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server
------------------------------------------------------------
Users access_allowed standard_read generic_read enum_subkeys notify query_value
Power_Users access_allowed standard_read generic_read enum_subkeys notify query_value
Administrators access_allowed generic_all full_control
SYSTEM access_allowed generic_all full_control
Creator_Owner access_allowed container_inherit=true inherit_only=true generic_all
------------------------------------------------------------
HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration
------------------------------------------------------------
Users access_allowed standard_read generic_read enum_subkeys notify query_value
Power_Users access_allowed standard_read generic_read enum_subkeys notify query_value
Administrators access_allowed generic_all full_control
SYSTEM access_allowed generic_all full_control
Creator_Owner access_allowed container_inherit=true inherit_only=true generic_all
Expand Severity Title Port/Service
2
Microsoft Windows Default Screen Saver Policy Enumerated
QID:
105178
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/19/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
This check enumerates Windows registry parameters which ensure that a password protected screen saver is enabled with acceptable timeout settings.
IMPACT:
A host not protected by these settings is susceptible to unauthorized access when unattended.
SOLUTION:
Refer to Microsoft article KB185348 for more details on enabling the screen saver. Make sure the registry value ScreenSaverIsSecure is set to 1 under this path:

HKEY_USERS\.DEFAULT\Control Panel\Desktop

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKU\.DEFAULT\Control Panel\Desktop
ScreenSaveActive = 1
ScreenSaverIsSecure = 1
ScreenSaveTimeOut = 600
Expand Severity Title Port/Service
2
Administrator Group Members Enumerated
QID:
105231
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
08/30/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Members of the built-in Administrator Group are enumerated from the target Microsoft Windows system.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Administrators UNCHSL10\Administrator
Administrators AD\pchavez.adm
Administrators AD\Domain Admins
Administrators AD\HSL_Server Admins
Administrators UNCHSL10\ILLiadAdmin
Administrators AD\kcford
Administrators AD\fusionr
Expand Severity Title Port/Service
2
Open RPC Services List port 111/tcp
QID:
9
Category:
RPC
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/01/1999
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
A port scanner was used to draw a map of all the RPC services accessible from the Internet.
IMPACT:
Unauthorized users can subsequently test vulnerabilities related to each of the services open.
SOLUTION:
Shut down any unknown or unused service on the list. To remove all RPC services, you cannot simply filter port 111 at the firewall because port 111 (the "portmap" service) only shows which ports the RPC services are listening on. Therefore, it cannot block access to these services. Disable the RPC services at the server level because each listens on an ephemeral UDP or TCP port.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
program  version  protocol  port  name
100000   2        tcp       7938  rpcbind
100000   2        udp       7938  rpcbind
390436   1        tcp       9079  390436
390435   1        tcp       9758  390435
390113   1        tcp       7937  nsrexec
Expand Severity Title Port/Service
1
DNS Host Name
QID:
6
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/01/1999
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The fully qualified domain name of this host, if it was obtained from a DNS server, is displayed in the RESULT section.
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
IP address  Host name
152.2.37.8  unchsl10.hsl.unc.edu
Expand Severity Title Port/Service
1
Firewall Detected
QID:
34011
Category:
Firewall
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
10/16/2001
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
A packet filtering device protecting this IP was detected. This is likely to be a firewall or a router using access control lists (ACLs).
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Some of the ports filtered by the firewall are: 20, 21, 22, 23, 25, 53, 135, 1, 7, 11.

Listed below are the ports filtered by the firewall.
No response has been received when any of these ports is probed.
1-79,81-110,112-138,140-442,444,446-1705,1707-1999,2001-2146,2148-2512,
2514-2701,2703-2966,2968-3388,3390-5630,5632-5665,5667-6128,6130-7936,
7939-7967,7969-9078,9080-9757,9759-42423,42425-65535
Expand Severity Title Port/Service
1
Network Adapter MAC Address
QID:
43007
Category:
Hardware
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
11/29/2004
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
It is possible to obtain the MAC address information of the network adapters on the target system. Various sources such as SNMP and NetBIOS provide such information. This vulnerability test attempts to gather and report on this information in a table format.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Method   MAC Address        Vendor
NBTSTAT  00:50:56:88:00:2D  VMWARE, INC.
Expand Severity Title Port/Service
1
Target Network Information
QID:
45004
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
08/15/2013
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The information shown in the Result section was returned by the network infrastructure responsible for routing traffic from our cloud platform to the target network (where the scanner appliance is located).

This information was returned from: 1) the WHOIS service, or 2) the infrastructure provided by the closest gateway server to our cloud platform. If your ISP is routing traffic, your ISP's gateway server returned this information.

IMPACT:
This information can be used by malicious users to gather more information about the network infrastructure that may help in launching attacks against it.
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
The network handle is: UNCCH-NET
Network description:
University of North Carolina at Chapel Hill
Expand Severity Title Port/Service
1
Internet Service Provider
QID:
45005
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
08/15/2013
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The information shown in the Result section was returned by the network infrastructure responsible for routing traffic from our cloud platform to the target network (where the scanner appliance is located).

This information was returned from: 1) the WHOIS service, or 2) the infrastructure provided by the closest gateway server to our cloud platform. If your ISP is routing traffic, your ISP's gateway server returned this information. This information was gathered using the WHOIS service for the network and is believed to be the ISP of the target network.

IMPACT:
This information can be used by malicious users to gather more information about the network infrastructure that may aid in launching further attacks against it.
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
The ISP network handle is: UNCCH-NET
ISP Network description:
University of North Carolina at Chapel Hill
Expand Severity Title Port/Service
1
Traceroute
QID:
45006
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/09/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Traceroute describes the path in realtime from the scanner to the remote host being contacted. It reports the IP addresses of all the routers in between.
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HopsIPRound Trip TimeProbe
1152.2.20.10.55msICMP
2152.19.253.1061.08msICMP
3152.2.255.171.07msICMP
4152.2.255.2101.09msICMP
5152.2.37.80.89msICMP
Expand Severity Title Port/Service
1
Disabled Accounts Enumerated From SAM Database
QID:
45027
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
10/29/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The Security Accounts Manager holds user and machine account information. The scanner found at least one disabled user or machine account in the SAM database for the target Windows machine. The accounts found are listed in the Results section.
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Disabled User/Machine Accounts:
hsl.guest SUPPORT_388945a0
Expand Severity Title Port/Service
1
Administrator Account's Real Name Found From LSA Enumeration
QID:
45032
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
02/17/2004
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
LSA (Local Security Authority Database) is a protected subsystem that authenticates and logs users onto the local system.

Windows systems by default have the administrator account's name configured as "Administrator". This can very easily be changed to a non-default value (like root, for example) to harden security against password bruteforcing.

LSA, internally, refers to user accounts by what are called RIDs (Relative IDs) instead of the friendlier names (like "Administrator") used only for GUI and display purposes. The administrator account on any Windows system always has a RID of 500, even if the name has been changed.

The scanner probed the LSA for the name that maps to the RID of 500, which is the administrator account name, changed or unchanged. The name is listed in the Result section below.

SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Administrator
Expand Severity Title Port/Service
1
Host Scan Time
QID:
45038
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
11/18/2004
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The Host Scan Time is the period of time it takes the scanning engine to perform the vulnerability assessment of a single target host. The Host Scan Time for this host is reported in the Result section below.

The Host Scan Time does not have a direct correlation to the Duration time as displayed in the Report Summary section of a scan results report. The Duration is the period of time it takes the service to perform a scan task. The Duration includes the time it takes the service to scan all hosts, which may involve parallel scanning. It also includes the time it takes for a scanner appliance to pick up the scan task and transfer the results back to the service's Secure Operating Center. Further, when a scan task is distributed across multiple scanners, the Duration includes the time it takes to perform parallel host scanning on all scanners.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Scan duration: 2379 seconds

Start time: Sat, Mar 23 2013, 21:18:25 GMT

End time: Sat, Mar 23 2013, 21:58:04 GMT
Expand Severity Title Port/Service
1
Host Names Found
QID:
45039
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
02/14/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The following host names were discovered for this computer using various methods such as DNS look up, NetBIOS query, and SQL server name query.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Host Name             Source
UNCHSL10.hsl.unc.edu  NTLM DNS
unchsl10.hsl.unc.edu  FQDN
UNCHSL10              NTLM NetBIOS
UNCHSL10              NetBIOS
Expand Severity Title Port/Service
1
Adobe Flash Player Version Detected
QID:
45118
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
09/22/2010
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
An instance of Adobe Flash Player was detected on the target host.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKCR\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32 exists
Severity:
1
Title:
Windows Authentication Method
QID:
70028
Category:
SMB / NETBIOS
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
12/09/2008
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Windows authentication was performed. The Results section in your detailed results includes a list of authentication credentials used.

The service also attempts to authenticate using common credentials. You should verify that the credentials used for successful authentication were those that were provided in the Windows authentication record. User-provided credentials failed if the discovery method shows "Unable to log in using credentials provided by user, fallback to NULL session". If this is the case, verify that the credentials specified in the Windows authentication record are valid for this host.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
User Name: DOM qualys.scn
Domain: AD
Authentication Scheme: Kerberos
Security: User-based
SMBv1 Signing: Enabled
Discovery Method: Login credentials provided by user
Authentication Record: AD.UNC.EDU Credentials
CIFS Version: SMB v1 NT LM 0.12
Severity:
1
Title:
Windows Authentication Method for User-Provided Credentials
QID:
70053
Category:
SMB / NETBIOS
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
11/05/2009
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Windows authentication was performed and successful with user-provided credentials. The Results section in your detailed results includes a list of authentication credentials used.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
User Name: DOM qualys.scn
Domain: AD
Authentication Scheme: Kerberos
Security: User-based
SMBv1 Signing: Enabled
Authentication Record: AD.UNC.EDU Credentials
Severity:
1
Title:
Open UDP Services List
QID:
82004
Category:
TCP/IP
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
07/11/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
A port scanner was used to draw a map of all the UDP services on this host that can be accessed from the Internet.

Note that if the host is behind a firewall, there is a small chance that the list includes a few ports that are filtered or blocked by the firewall but are not actually open on the target host. This (false positive on UDP open ports) may happen when the firewall is configured to reject UDP packets for most (but not all) ports with an ICMP Port Unreachable packet. This may also happen when the firewall is configured to allow UDP packets for most (but not all) ports through and filter/block/drop UDP packets for only a few ports. Both cases are uncommon.

IMPACT:
Unauthorized users can exploit this information to test vulnerabilities in each of the open services.
SOLUTION:
Shut down any unknown or unused service on the list. If you have difficulty working out which service is provided by which process or program, contact your provider's support team. For more information about commercial and open-source Intrusion Detection Systems available for detecting port scanners of this kind, visit the CERT Web site.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Port  IANA Assigned Ports/Services  Description                Service Detected
111   sunrpc                        SUN Remote Procedure Call  rpc udp
137   netbios-ns                    NETBIOS Name Service       netbios ns
Severity:
1
Title:
Open TCP Services List
QID:
82023
Category:
TCP/IP
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
06/15/2009
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The port scanner enables unauthorized users with the appropriate tools to draw a map of all services on this host that can be accessed from the Internet. The test was carried out with a "stealth" port scanner so that the server does not log real connections.

The Results section displays the port number (Port), the default service listening on the port (IANA Assigned Ports/Services), the description of the service (Description) and the service that the scanner detected using service discovery (Service Detected).

IMPACT:
Unauthorized users can exploit this information to test vulnerabilities in each of the open services.
SOLUTION:
Shut down any unknown or unused service on the list. If you have difficulty figuring out which service is provided by which process or program, contact your provider's support team. For more information about commercial and open-source Intrusion Detection Systems available for detecting port scanners of this kind, visit the CERT Web site.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Port  IANA Assigned Ports/Services  Description                 Service Detected    OS On Redirected Port
80    www                           World Wide Web HTTP         http
111   sunrpc                        SUN Remote Procedure Call   rpc
139   netbios-ssn                   NETBIOS Session Service     netbios ssn
443   https                         http protocol over TLS/SSL  http over ssl
445   microsoft-ds                  Microsoft-DS                microsoft-ds
3389  ms-wbt-server                 MS WBT Server               win remote desktop
5666  unknown                       unknown                     unknown
7937  unknown                       unknown                     rpc
7938  unknown                       unknown                     rpc
9079  unknown                       unknown                     rpc
9758  unknown                       unknown                     rpc
Severity:
1
Title:
ICMP Replies Received
QID:
82040
Category:
TCP/IP
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/16/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
ICMP (Internet Control and Error Message Protocol) is a protocol encapsulated in IP packets. ICMP's principal purpose is to provide a protocol layer that informs gateways of the inter-connectivity and accessibility of other gateways or hosts.

We have sent the following types of packets to trigger the host to send us ICMP replies:

Echo Request (to trigger Echo Reply)
Timestamp Request (to trigger Timestamp Reply)
Address Mask Request (to trigger Address Mask Reply)
UDP Packet (to trigger Port Unreachable Reply)
IP Packet with Protocol >= 250 (to trigger Protocol Unreachable Reply)

Listed in the "Result" section are the ICMP replies that we have received.

SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
ICMP Reply Type        Triggered By  Additional Information
Echo (type=0 code=0)   Echo Request  Echo Reply
Severity:
1
Title:
NetBIOS Host Name
QID:
82044
Category:
TCP/IP
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/20/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The NetBIOS host name of this computer has been detected.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
UNCHSL10
Severity:
1
Title:
Degree of Randomness of TCP Initial Sequence Numbers
QID:
82045
Category:
TCP/IP
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
11/19/2004
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
TCP Initial Sequence Numbers (ISNs) obtained in the SYNACK replies from the host are analyzed to determine how random they are. The average change between subsequent ISNs and the standard deviation from the average are displayed in the RESULT section. Also included is the degree of difficulty for exploitation of the TCP ISN generation scheme used by the host.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Average change between subsequent TCP initial sequence numbers is 998613442 with a standard deviation of 634138962. These TCP initial sequence numbers were triggered by TCP SYN probes sent to the host at an average rate of 1/(6997 microseconds). The degree of difficulty to exploit the TCP initial sequence number generation scheme is: hard.
Severity:
1
Title:
IP ID Values Randomness
QID:
82046
Category:
TCP/IP
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
07/27/2006
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The values for the identification (ID) field in IP headers in IP packets from the host are analyzed to determine how random they are. The changes between subsequent ID values for either the network byte ordering or the host byte ordering, whichever is smaller, are displayed in the RESULT section along with the duration taken to send the probes. When incremental values are used, as is the case for TCP/IP implementation in many operating systems, these changes reflect the network load of the host at the time this test was conducted.

Please note that for reliability reasons only the network traffic from open TCP ports is analyzed.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
IP ID changes observed (network order) for port 111: 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
Duration: 31 milli seconds
Severity:
1
Title:
NetBIOS Workgroup Name Detected
QID:
82062
Category:
TCP/IP
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
06/02/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The NetBIOS workgroup or domain name for this system has been detected.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
AD
Severity:
1
Title:
Windows Product Type
QID:
90107
Category:
Windows
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
09/13/2007
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The results below identify which type of Windows product is installed:
- If ProductType is "Winnt", the host is running Windows Workstation.
- If ProductType is "Servernt", the host is running Windows Server.
- If ProductType is "Lanmannt", the host is running Windows Advanced Server.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\Software\Microsoft\Windows NT\CurrentVersion
ProductName=Microsoft Windows Server 2003
CurrentVersion=5.2
HKLM\SYSTEM\currentControlSet\Control\ProductOptions
ProductType=ServerNT
ProductSuite={"Enterprise", "Terminal Server"}
Severity:
1
Title:
Windows Registry Key Access Denied
QID:
90195
Category:
Windows
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/24/2009
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Remote access to the following registry keys has been denied. Access to the Registry named pipe was successful, but remote access to the Registry keys in the Result section has been denied.
IMPACT:
Vulnerabilities that require registry key access may not have been detected during the scan. This QID can be used to debug authentication and permission issues with other QIDs. This QID is not a direct indication of problems or missing patches on the target system.
SOLUTION:
See the permissions assigned to the provided user authentication credentials. On Windows XP Professional use Classic for local network logins (default is Guest only, which prohibits Registry access). This may be set at Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Skipped 2644 registry keys for which access was denied.
Severity:
1
Title:
Windows 2003 R2 Installed
QID:
90326
Category:
Windows
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
07/12/2006
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Windows 2003 R2 was found installed on the target host.
IMPACT:
n/a
SOLUTION:
n/a
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
No results available
Severity:
1
Title:
Microsoft Windows Network Level Authentication Disabled
QID:
90788
Category:
Windows
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/01/2013
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Microsoft Windows Network Level Authentication (NLA) is an authentication method that enhances the security of a Remote Desktop Session Host server by requiring the user to be authenticated before a session is created.

The registry key for the Network Level Authentication (NLA) is disabled.

Network Level Authentication is supported on Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2.

IMPACT:
Enabling NLA can help protect the remote computer from malicious users and malicious software attacks.
SOLUTION:
See Microsoft Knowledge Base Article 2671387 to use the automated Microsoft Fix it solution to enable this feature.

As a precaution, always test in a QA or rehearsal environment before rolling out to production.

Note: Client computers that do not support Credential Security Support Provider (CredSSP) protocol will not be able to access servers protected with Network Level Authentication. Windows XP does not support the CredSSP protocol by default.

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
QID: 90788 detected on port 3389 over TCP.
Severity:
1
Title:
Windows Registry Access Level
QID:
105025
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/09/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The scanner can access these registry keys, which are important for performing patch verification.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Severity:
1
Title:
Microsoft Windows System EventLog Policy Parameters
QID:
105165
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
04/18/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
This reports the EventLog parameters for the System database that are of interest to compliance audits. These configurations exist under this registry subkey:

HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\System

RestrictGuestAccess - Setting this to 1 prevents guests and anonymous user accounts from having read access to the System EventLog.

MaxSize - This value specifies the maximum size limit for the System EventLog database.

Retention - This value specifies the overwrite behavior for the System EventLog. 0 means overwrite as needed. 0xffffffff means do not overwrite events, and other values specify number of days that eventlog entries are preserved before overwriting.

IMPACT:
N/A
SOLUTION:
Configure the System EventLog by changing the registry values to appropriate values, or use the EventViewer GUI to change the parameters.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\SYSTEM\CurrentControlSet\Services\EventLog\System
MaxSize=33554432
Retention=0
RestrictGuestAccess=1
Severity:
1
Title:
Microsoft Windows Application EventLog Policy Parameters
QID:
105166
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
04/18/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
This reports the EventLog parameters for the System database that are of interest to compliance audits. These configurations exist under this registry subkey:

HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application

RestrictGuestAccess - Setting this to 1 prevents guests and anonymous user accounts from having read access to the Application EventLog database.

MaxSize - This value specifies the maximum size limit for the Application EventLog database.

Retention - This value specifies the overwrite behavior for the Application EventLog. 0 means overwrite as needed. 0xffffffff means do not overwrite events, and other values specify the number of days of eventlog entries that are preserved before overwriting.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Type: CobIT
Section: DS5.4
Description: User Account Management Ensure that requesting, establishing, issuing, suspending, modifying and closing user accounts and related user privileges are addressed by user account management. An approval procedure outlining the data or system owner granting the access privileges should be included. These procedures should apply for all users, including administrators (privileged users), internal and external users, for normal and emergency cases. Rights and obligations relative to access to enterprise systems and information are contractually arranged for all types of users. Perform regular management review of all accounts and related privileges.

EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
MaxSize=33554432
Retention=0
RestrictGuestAccess=1
Severity:
1
Title:
Microsoft Windows Security EventLog Policy Parameters
QID:
105167
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
04/07/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
This reports the EventLog parameters for the Security database that are of interest to compliance audits. These configurations exist under this registry subkey:
HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security

RestrictGuestAccess - Setting this to 1 prevents guests and anonymous user accounts from having read access to the Security EventLog.

MaxSize - This value specifies the maximum size limit for the Security EventLog database.

Retention - This value specifies the overwrite behavior for the Security EventLog. 0 means overwrite as needed. 0xffffffff means do not overwrite events, and other values specify the number of days of eventlog entries that are preserved before overwriting.

IMPACT:
N/A
SOLUTION:
Configure the Security Eventlog by changing the registry values to appropriate values or use the EventViewer GUI to change the parameters.
COMPLIANCE:
Type: CobIT
Section: DS5.4
Description: User Account Management Ensure that requesting, establishing, issuing, suspending, modifying and closing user accounts and related user privileges are addressed by user account management. An approval procedure outlining the data or system owner granting the access privileges should be included. These procedures should apply for all users, including administrators (privileged users), internal and external users, for normal and emergency cases. Rights and obligations relative to access to enterprise systems and information are contractually arranged for all types of users. Perform regular management review of all accounts and related privileges.

EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Security
MaxSize=268435456
Retention=0
RestrictGuestAccess=1
Severity:
1
Title:
Windows Builtin User Group Membership Audit - Backup Operators
QID:
105239
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
11/11/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The members of the Backup Operators Group are enumerated. It is essential to make sure unauthorized users are not part of this builtin group.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Backup Operators No members in this group
Expand Severity Title Port/Service
1
Windows Builtin User Group Membership Audit - Replicator
QID:
105240
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
11/11/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
User accounts that are members of the Replicator Group are enumerated from the target host.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Replicator No members in this group
Expand Severity Title Port/Service
1
Windows Builtin User Group Membership Audit - Network Configuration Operators
QID:
105241
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
11/11/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The user accounts that are members of the Network Configuration Operators group are enumerated.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Network Configuration Operators No members in this group
Expand Severity Title Port/Service
1
ActiveX Controls Enumerated
QID:
105276
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
12/15/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The ActiveX controls from the target Microsoft Windows system are enumerated.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Control: {026371C0-1B7C-11CF-9D53-00AA003C9CB6}  DisplayName: Microsoft UpDown Control, version 5.0 (SP2)  Version: 1.1
Control: {06DD38D3-D187-11CF-A80D-00C04FD74AD8}  DisplayName: ActiveXPlugin Object  Version: 1.0
Control: {0713E8A2-850A-101B-AFC0-4210102A8DA7}  DisplayName: Microsoft TreeView Control, version 5.0 (SP2)  Version: 1.3
Control: {0713E8D2-850A-101B-AFC0-4210102A8DA7}  DisplayName: Microsoft ProgressBar Control, version 5.0 (SP2)  Version: 1.3
Control: {0996FF6F-B6A1-11D0-9292-00C04FB6678B}  DisplayName: Microsoft Certificate Authority Control  Version: 1.0
Expand Severity Title Port/Service
1
Default Web Page port 80/tcp
QID:
12230
Category:
CGI
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
06/19/2006
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The Result section displays the default Web page for the Web server.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Content-Type: text/html
Date: Sat, 23 Mar 2013 21:19:12 GMT
Connection: close
Content-Length: 39

<h1>Bad Request (Invalid Hostname)</h1>
Expand Severity Title Port/Service
1
Default Web Page port 443/tcp over SSL
QID:
12230
Category:
CGI
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
06/19/2006
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The Result section displays the default Web page for the Web server.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Connection: close
Date: Sat, 23 Mar 2013 21:19:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=42245096;expires=Mon, 16-Mar-2043 21:19:13 GMT;path=/
Set-Cookie: CFTOKEN=62556345;expires=Mon, 16-Mar-2043 21:19:13 GMT;path=/
location: http://hsl.lib.unc.edu
Content-Type: text/html; charset=UTF-8

<script type="text/javascript">
var gaJsHost = (("htt
Expand Severity Title Port/Service
1
SSL Server Information Retrieval port 443/tcp over SSL
QID:
38116
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
07/28/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:

The following is a list of supported SSL ciphers. Note: If a cipher is included in this list, it means that it was possible to establish an SSL connection using that cipher. Some web server setups allow connections to be established using a LOW grade cipher, only to provide a web page stating that the URL is accessible only through a non-LOW grade cipher. In this case, even though the LOW grade cipher will be listed here, QID 38140 will not be reported.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
CIPHER               KEY-EXCHANGE  AUTHENTICATION  MAC   ENCRYPTION(KEY-STRENGTH)  GRADE
SSLv2 PROTOCOL IS ENABLED
DES-CBC3-MD5         RSA           RSA             MD5   3DES(168)                 HIGH
RC4-MD5              RSA           RSA             MD5   RC4(128)                  MEDIUM
RC2-CBC-MD5          RSA           RSA             MD5   RC2(128)                  MEDIUM
EXP-RC4-MD5          RSA(512)      RSA             MD5   RC4(40)                   LOW
EXP-RC2-CBC-MD5      RSA(512)      RSA             MD5   RC2(40)                   LOW
DES-CBC-MD5          RSA           RSA             MD5   DES(56)                   LOW
SSLv3 PROTOCOL IS ENABLED
SSLv3 COMPRESSION METHOD None
DES-CBC3-MD5         RSA           RSA             MD5   3DES(168)                 HIGH
RC4-MD5              RSA           RSA             MD5   RC4(128)                  MEDIUM
RC2-CBC-MD5          RSA           RSA             MD5   RC2(128)                  MEDIUM
EXP-RC4-MD5          RSA(512)      RSA             MD5   RC4(40)                   LOW
EXP-RC2-CBC-MD5      RSA(512)      RSA             MD5   RC2(40)                   LOW
DES-CBC-MD5          RSA           RSA             MD5   DES(56)                   LOW
DES-CBC3-SHA         RSA           RSA             SHA1  3DES(168)                 HIGH
RC4-SHA              RSA           RSA             SHA1  RC4(128)                  MEDIUM
EXP1024-DES-CBC-SHA  RSA(1024)     RSA             SHA1  DES(56)                   LOW
DES-CBC-SHA          RSA           RSA             SHA1  DES(56)                   LOW
EXP1024-RC4-SHA      RSA(1024)     RSA             SHA1  RC4(56)                   LOW
TLSv1 PROTOCOL IS ENABLED
TLSv1 COMPRESSION METHOD None
DES-CBC3-MD5         RSA           RSA             MD5   3DES(168)                 HIGH
RC4-MD5              RSA           RSA             MD5   RC4(128)                  MEDIUM
RC2-CBC-MD5          RSA           RSA             MD5   RC2(128)                  MEDIUM
EXP-RC4-MD5          RSA(512)      RSA             MD5   RC4(40)                   LOW
EXP-RC2-CBC-MD5      RSA(512)      RSA             MD5   RC2(40)                   LOW
DES-CBC-MD5          RSA           RSA             MD5   DES(56)                   LOW
DES-CBC3-SHA         RSA           RSA             SHA1  3DES(168)                 HIGH
RC4-SHA              RSA           RSA             SHA1  RC4(128)                  MEDIUM
EXP1024-DES-CBC-SHA  RSA(1024)     RSA             SHA1  DES(56)                   LOW
DES-CBC-SHA          RSA           RSA             SHA1  DES(56)                   LOW
EXP1024-RC4-SHA      RSA(1024)     RSA             SHA1  RC4(56)                   LOW
Expand Severity Title Port/Service
1
SSL Session Caching Information port 443/tcp over SSL
QID:
38291
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
09/16/2004
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
SSL session is a collection of security parameters that are negotiated by the SSL client and server for each SSL connection. SSL session caching is targeted to reduce the overhead of negotiations in recurring SSL connections. SSL sessions can be reused to resume an earlier connection or to establish multiple simultaneous connections. The client suggests an SSL session to be reused by identifying the session with a Session-ID during SSL handshake. If the server finds it appropriate to reuse the session, then they both proceed to secure communication with already known security parameters.

This test determines if SSL session caching is enabled on the host.

IMPACT:
SSL session caching is part of the SSL and TLS protocols and is not a security threat. The result of this test is for informational purposes only.
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
SSLv3 session caching is enabled on the target.
TLSv1 session caching is enabled on the target.
Expand Severity Title Port/Service
1
SSL/TLS invalid protocol version tolerance port 443/tcp over SSL
QID:
38597
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
02/13/2012
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
SSL/TLS protocols have different versions that can be supported by both the client and the server. This test attempts to send invalid protocol versions to the target in order to find out the target's behavior. The results section contains a table that indicates the target's response to each of our tests.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
my version  target version
0304        0301
0399        0301
0400        0301
0499        0301
Expand Severity Title Port/Service
1
TLS Secure Renegotiation Extension Supported port 443/tcp over SSL
QID:
42350
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
12/01/2011
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Secure Socket Layer (SSL) and Transport Layer Security (TLS) renegotiation are vulnerable to an attack in which the attacker forms a TLS connection with the target server, injects content of his choice, and then splices in a new TLS connection from a client. The server treats the client's initial TLS handshake as a renegotiation and thus believes that the initial data transmitted by the attacker is from the same entity as the subsequent client data. The TLS protocol was extended to cryptographically tie renegotiations to the TLS connections they are being performed over. This is referred to as the TLS secure renegotiation extension. This detection determines whether the TLS secure renegotiation extension is supported by the server.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
TLS Secure Renegotiation Extension Status: supported.
Expand Severity Title Port/Service
1
SSL Certificate - Information port 443/tcp over SSL
QID:
86002
Category:
Web server
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/23/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
NAME VALUE
(0)CERTIFICATE 0
(0)Version 3 (0x2)
(0)Serial Number 04:7d:cc:55:8f:bd:91
(0)Signature Algorithm sha1WithRSAEncryption
(0)ISSUER NAME
countryName US
stateOrProvinceName Arizona
localityName Scottsdale
organizationName "GoDaddy.com, Inc."
organizationalUnitName http://certificates.godaddy.com/repository
commonName Go Daddy Secure Certification Authority
serialNumber 07969287
(0)SUBJECT NAME
organizationName *.hsl.unc.edu
organizationalUnitName Domain Control Validated
commonName *.hsl.unc.edu
(0)Valid From Jul 19 13:27:48 2011 GMT
(0)Valid Till Jul 6 12:14:14 2014 GMT
(0)Public Key Algorithm rsaEncryption
(0)RSA Public Key (2048 bit)
(0) Public-Key: (2048 bit)
(0) Modulus:
(0) Exponent: 65537 (0x10001)
(0)X509v3 EXTENSIONS
(0)X509v3 Basic Constraints critical
(0) CA:FALSE
(0)X509v3 Extended Key Usage TLS Web Server Authentication, TLS Web Client Authentication
(0)X509v3 Key Usage critical
(0) Digital Signature, Key Encipherment
(0)X509v3 CRL Distribution Points
(0) Full Name:
(0) URI:http://crl.godaddy.com/gds1-53.crl
(0)X509v3 Certificate Policies Policy: 2.16.840.1.114413.1.7.23.1
(0) CPS: https://certs.godaddy.com/repository/
(0)Authority Information Access OCSP - URI:http://ocsp.godaddy.com/
(0) CA Issuers - URI:http://certificates.godaddy.com/repository/gd_intermediate.crt
(0)X509v3 Authority Key Identifier keyid:FD:AC:61:32:93:6C:45:D6:E2:EE:85:5F:9A:BA:E7:76:99:68:CC:E7
(0)X509v3 Subject Alternative Name DNS:*.hsl.unc.edu, DNS:hsl.unc.edu
(0)X509v3 Subject Key Identifier D1:F4:C6:CD:D1:B3:E3:F6:FE:AC:48:D7:6A:43:79:2B:40:4B:45:06
(0)Signature(256 octets)
Expand Severity Title Port/Service
1
HTTP Methods Returned by OPTIONS Request port 443/tcp
QID:
45056
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/16/2006
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The HTTP methods returned in response to an OPTIONS request to the Web server detected on the target host are listed.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Allow: OPTIONS, TRACE, GET, HEAD, POST
Expand Severity Title Port/Service
1
Microsoft IIS Server Detected port 443/tcp
QID:
45104
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
07/13/2009
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Microsoft Internet Information Services (IIS) Web Server was detected on the target host.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Microsoft-IIS/6.0
Expand Severity Title Port/Service
1
SSL Web Server Version port 443/tcp
QID:
86001
Category:
Web server
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/01/1999
User Modified:
-
Edited:
No
PCI Vuln:
No
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Server Version     Server Banner
Microsoft-IIS/6.0  Microsoft-IIS/6.0
Expand Severity Title Port/Service
1
List of Web Directories port 443/tcp
QID:
86672
Category:
Web server
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
09/10/2004
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Based largely on the HTTP reply code, the following directories are most likely present on the host.
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Directory        Source
/scripts/        brute force
                 brute force
/news/           brute force
/aspnet_client/  brute force
/survey/         brute force
/search/         brute force
/CFIDE/          brute force
/CFIDE           brute force
Expand Severity Title Port/Service
3
Administrator Account's Password Does Not Expire
 
QID:
90080
Category:
Windows
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
04/26/2013
User Modified:
-
Edited:
No
PCI Vuln:
Yes
CVSS Base:
7.5[1]
CVSS Temporal:
7.1
THREAT:
The scanner probed the Security & Accounts Database (SAM) and found that the target Windows box's Administrator account has a password that does not expire.
IMPACT:
Depending on the site's policy, this may be considered a security vulnerability since it allows attackers an infinite duration to try bruteforcing (guessing over multiple login attempts) the password for the account.
SOLUTION:
Reconfigure the Administrator account's properties to expire the password after a specified duration per the site's policy. Ideally, domain-wide policies should be set on the Domain Controller so that all Windows hosts on the domain comply automatically, and each individual host does not need to be configured.

Note that the Administrator account on the Domain Controller(s) will always have a password that does not expire, since the option check box in the properties dialog box for this account is greyed out.

Additional details can be found under QID 45031 "Accounts Enumerated From SAM Database Whose Passwords Do Not Expire."

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
No results available
Expand Severity Title Port/Service
3
SSL Server Has SSLv2 Enabled Vulnerability port 443/tcp over SSL
 
QID:
38139
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/09/2012
User Modified:
-
Edited:
No
PCI Vuln:
Yes
CVSS Base:
4[1]
CVSS Temporal:
3.6
THREAT:
The Secure Socket Layer (SSL) protocol allows for secure communication between a client and a server.

There are known flaws in the SSLv2 protocol. A man-in-the-middle attacker can force the communication to a less secure level and then attempt to break the weak encryption. The attacker can also truncate encrypted messages.

These flaws have been fixed in SSLv3 (or TLSv1). Most servers (including all popular Web servers, mail servers, etc.) and clients (including Web-clients like IE, Netscape Navigator and Mozilla and mail clients) support both SSLv2 and SSLv3. However, SSLv2 is enabled by default for backward compatibility.

The following link provides more information about this vulnerability:
Analysis of the SSL 3.0 Protocol

IMPACT:
An attacker can exploit this vulnerability to read secure communications or maliciously modify messages.
SOLUTION:
Disable SSLv2.

Typically, for Apache/mod_ssl, httpd.conf or ssl.conf should have the following lines:
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM

For Apache/apache_ssl, httpd.conf or ssl.conf should have the following line:
SSLNoV2

How to disable SSLv2 on IIS : Microsoft Knowledge Base Article - 187498
How to Restrict the Use of Certain Cryptographic Algorithms and Protocols in Schannel.dll : Microsoft Knowledge Base Article - 245030

For IIS 7, refer to the article How to Disable SSL 2.0 in IIS 7 for further information.

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Established SSLv2 connection using DES-CBC3-MD5 cipher.
Expand Severity Title Port/Service
2
Hidden RPC Services
 
QID:
11
Category:
RPC
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/01/1999
User Modified:
-
Edited:
No
PCI Vuln:
Yes
CVSS Base:
5[1]
CVSS Temporal:
3.6
THREAT:
The Portmapper/Rpcbind listens on port 111 and stores an updated list of registered RPC services running on the server (RPC name, version and port number). It acts as a "gateway" for clients wanting to connect to any RPC daemon.

When the portmapper/rpcbind is removed or firewalled, standard RPC client programs fail to obtain the portmapper list. However, by sending carefully crafted packets, it's possible to determine which RPC programs are listening on which port. This technique is known as direct RPC scanning. It's used to bypass portmapper/rpcbind in order to find RPC programs running on a port (TCP or UDP ports). On Linux servers, RPC services are typically listening on privileged ports (below 1024), whereas on Solaris, RPC services are on temporary ports (starting with port 32700).

IMPACT:
Unauthorized users can build a list of RPC services running on the host. If they discover vulnerable RPC services on the host, they then can exploit them.
SOLUTION:
Firewalling the portmapper port or removing the portmapper service is not sufficient to prevent unauthorized users from accessing the RPC daemons. You should remove all RPC services that are not strictly required on this host.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Name             Program  Version  Protocol  Port
portmap/rpcbind  100000   2-4      tcp       111
nfs              100003   2-3      tcp       2049
Expand Severity Title Port/Service
2
Global User List
 
QID:
45002
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
04/08/2009
User Modified:
-
Edited:
No
PCI Vuln:
Yes
CVSS Base:
5[1]
CVSS Temporal:
4.7
THREAT:
This is the global system user list, which was retrieved during the scan by exploiting one or more vulnerabilities. The Qualys IDs for the vulnerabilities leading to the disclosure of these users are also given in the Result section. Each user will be displayed only once, even though it may be obtained by using different methods.
IMPACT:
These common account(s) can be used by a malicious user to break into the system via password bruteforcing.
SOLUTION:
To prevent your host from being attacked, do one or more of the following:
  • Remove (or rename) unnecessary accounts
  • Shut down unnecessary network services
  • Ensure the passwords to these accounts are kept secret
  • Use a firewall to restrict access to your hosts from unauthorized domains
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
User Name             Source Vulnerability (QualysID)
Administrator         45032, 45031
hsl.guest             90266, 45027, 45031
hsladmin              45031
___VMware_Conv_SA___  105234
Expand Severity Title Port/Service
2
YP/NIS RPC Services Listening on Non-Privileged Ports
 
QID:
66043
Category:
RPC
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
06/04/2009
User Modified:
-
Edited:
No
PCI Vuln:
No
CVSS Base:
0[1]
CVSS Temporal:
0
THREAT:
When running for the first time on a server, RPC Daemons register an entry in the portmapper list. Since they usually run as root, RPC services use privileged ports (ports below 1024). It seems that one of the following RPC Daemons is running on a non-privileged port on your server: NFS, MOUNT, NIS or YP.

Note that for NFS, any port other than 2049 is considered a non-privileged port.

IMPACT:
By exploiting RPC services running on non-reserved ports, unauthorized users can perform port hijacking.
SOLUTION:
This problem was resolved in newer releases of OpenBSD and Linux. If you are running Solaris, then you should also upgrade to the latest version.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

N/A: OpenBSD (Operating System)

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
TCP Port 1048
UDP Port 1048
Expand Severity Title Port/Service
2
NFS RPC Services Listening on Non-Privileged Ports
 
QID:
66044
Category:
RPC
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/22/2012
User Modified:
-
Edited:
No
PCI Vuln:
Yes
CVSS Base:
5[1]
CVSS Temporal:
3.6
THREAT:
When running for the first time on a server, RPC Daemons register an entry in the portmapper list. Since they usually run as root, RPC services use ports below 1024 (privileged ports), excluding the NFS and nlockmgr RPC services that listen on ports 2049 and 4045 respectively. It was discovered that such services were not running on their assigned port.
IMPACT:
By exploiting RPC services running on non-reserved ports, unauthorized users can perform port hijacking.
SOLUTION:
Run NFS and nlockmgr RPC services on their assigned ports.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
TCP Port 1047
UDP Port 1047
Expand Severity Title Port/Service
2
Default Windows Administrator Account Name Present
 
QID:
90081
Category:
Windows
CVE ID:
CVE-1999-0585
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
06/04/2009
User Modified:
-
Edited:
No
PCI Vuln:
No
CVSS Base:
2.1
CVSS Temporal:
2
THREAT:
The scanner probed the LSA, Local Security Authority, for the administrator account's name. The target has the default/out-of-the-box name "Administrator" set.
IMPACT:
Most attackers and malicious scripts assume an administrator account name of "Administrator" on Windows systems. If the target has not changed this name, it will simplify the task of the attacker, for example in bruteforcing the password for the account.
SOLUTION:
Change the administrator account's name to a non-default value.

Please note that if the scanner has been configured to use Windows Authentication and uses the local administrator account (as against a domain-admin account) to scan this target, the scanner will need to be reconfigured to use the new administrator account name instead.

COMPLIANCE:
Type: CobIT
Section: DS5.4
Description: User Account Management Ensure that requesting, establishing, issuing, suspending, modifying and closing user accounts and related user privileges are addressed by user account management. An approval procedure outlining the data or system owner granting the access privileges should be included. These procedures should apply for all users, including administrators (privileged users), internal and external users, for normal and emergency cases. Rights and obligations relative to access to enterprise systems and information are contractually arranged for all types of users. Perform regular management review of all accounts and related privileges.

EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Administrator
Expand Severity Title Port/Service
2
Microsoft Windows Remote Desktop Protocol Server Private Key Disclosure
 
QID:
90250
Category:
Windows
CVE ID:
CVE-2005-1794
Vendor Reference
-
Bugtraq ID:
13818
Service Modified:
01/07/2010
User Modified:
-
Edited:
No
PCI Vuln:
Yes
CVSS Base:
6.4
CVSS Temporal:
6.1
THREAT:
Microsoft Windows Remote Desktop Protocol is affected by a private key disclosure vulnerability.

When an RDP client initiates a session with an RDP server, the server responds with a server certificate containing an RSA public key and its digital signature. The client decrypts the signature using the server's public key and compares the result with the hash of the new public key received from the server to verify the identity of the server.

The vulnerability presents itself because a private key that is used to sign the Terminal Server public key is hardcoded in "mstlsapi.dll". A subroutine of the "TLSInit" API dynamically creates, uses and de-allocates this key.

IMPACT:
Successful exploitation can allow the attacker to disclose the key and calculate a valid signature to carry out man in the middle attacks. An attacker could therefore cause the client to connect to a server under their control and send the client a public key to which they possess the private key.
SOLUTION:
There are no vendor-supplied solutions available at this time.

Workarounds:
- As there is no patch, this vulnerability should be mitigated by using some semblance of network filtering (e.g., firewalling RDP off from the open Internet).

For Windows Server 2003, the security of Terminal Server can be enhanced by configuring Terminal Services connections to use Transport Layer Security (TLS) 1.0 for server authentication, and to encrypt terminal server communications. Please refer to cc782610 to obtain additional details.

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Detected service win_remote_desktop and os WINDOWS VISTA / WINDOWS 2008
Expand Severity Title Port/Service
2
Unused Active Windows Accounts Found
 
QID:
105234
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/11/2009
User Modified:
-
Edited:
No
PCI Vuln:
No
CVSS Base:
0[1]
CVSS Temporal:
0
THREAT:
The target Microsoft Windows system has active user accounts that were never used to logon to the system.
IMPACT:
N/A
SOLUTION:
Workaround:
Remove the unused accounts.
COMPLIANCE:
Type: CobIT
Section: DS5.4
Description: User Account Management Ensure that requesting, establishing, issuing, suspending, modifying and closing user accounts and related user privileges are addressed by user account management. An approval procedure outlining the data or system owner granting the access privileges should be included. These procedures should apply for all users, including administrators (privileged users), internal and external users, for normal and emergency cases. Rights and obligations relative to access to enterprise systems and information are contractually arranged for all types of users. Perform regular management review of all accounts and related privileges.

EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
___VMware_Conv_SA___
Expand Severity Title Port/Service
2
Account Brute Force Possible Through IIS NTLM Authentication Scheme intranet.hsl.unc.edu:443/tcp
 
QID:
86693
Category:
Web server
CVE ID:
CVE-2002-0419
Vendor Reference
-
Bugtraq ID:
4235
Service Modified:
05/07/2008
User Modified:
-
Edited:
No
PCI Vuln:
Yes
CVSS Base:
5
CVSS Temporal:
4.7
THREAT:
NTLM authentication is enabled on the Microsoft IIS Web server. This allows a remote user to perform account brute force by requesting a non-existing HTTP resource or an existing HTTP resource that does not actually require authentication. Requests would include the "Authorization: NTLM" field.
IMPACT:
An attacker can attempt brute force attacks against known Windows logins, including the Administrator Account, which could potentially lead to the system being compromised. Windows also has a few easy-to-guess default names for built-in accounts: "Administrator" for administering the computer/domain, "Guest" for guest access, IUSR_<MachineName> for anonymous access to IIS, and IWAM_<Machinename> for IIS to start out of process applications. Here the machine name <Machinename> may be obtained via Windows UDP Netbios NS (port 137).

If the host has an account lockout policy in place, a remote user may exploit this vulnerability to lock out a local user, provided that the name of the local user is known.
The account lockout policy does not apply to the administrator account. So if the host uses a default name of "Administrator" for the administrator account, the password brute force of this account is possible through the IIS authentication interface.

If the host does not have an account lockout policy in place, a remote user may exploit this vulnerability to brute force user passwords.

In addition, if the request has the NTLMSSP_REQUEST_TARGET flag on, the Web server may respond to the request with an NTLM challenge that contains sensitive host information, such as the Windows server and domain in which the authentication will be checked.

SOLUTION:
Currently there are no vendor supplied patches available for this issue.

Workaround:
1) Disable NTLM authentication for your Web server. This can be done by unchecking "Integrated Windows Authentication" within "Authentication Method" under "Directory Security" in "Default Web Site Properties".

Note: If NTLM cannot be disabled, an alternative remediation option for this issue is to perform the following 2 actions:

1) Ensure an Account Lockout Policy is in place.
2) Ensure the Administrator Account has been renamed to something more unique.

A Lockout Policy will ensure an attacker does not have an unlimited amount of time and attempts to guess the password. The Admin Account needs to be renamed because by default the Lockout Policy does not apply to the Administrator Account.

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
GET / HTTP/1.1
Host: intranet.hsl.unc.edu
Connection: Keep-Alive
Authorization: NTLM TlRMTVNTUAABAAAAA7IAAAAAAAAgAAAADwAPACAAAABRVUFMWVMtR08wSVFZWU4AAA==



HTTP/1.1 401 Unauthorized
Content-Type: text/html
Server: Microsoft-IIS/7.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
Date: Sat, 23 Mar 2013 17:10:32 GMT
Content-Length: 1293

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>401 - Unauthorized: Access is denied due to invalid credentials.</title>
<style type="text/css">
<!--
body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}
fieldset{padding:0 15px 10px 15px;}
h1{font-size:2.4em;margin:0;color:#FFF;}
h2{font-size:1.7em;margin:0;color:#CC0000;}
h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;}
#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;
background-color:#555555;}
#content{margin:0 0 0 2%;position:relative;}
.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}
-->
</style>
</head>
<body>
<div id="header"><h1>Server Error</h1></div>
<div id="content">
<div class="content-container"><fieldset>
<h2>401 - Unauthorized: Access is denied due to invalid credentials.</h2>
<h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>
</fieldset></div>
</div>
</body>
</html>
Expand Severity Title Port/Service
2
AutoComplete Attribute Not Disabled for Password in Form Based Authentication intranet.hsl.unc.edu:443/tcp
 
QID:
86729
Category:
Web server
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/04/2009
User Modified:
-
Edited:
No
PCI Vuln:
No
CVSS Base:
2.6[1]
CVSS Temporal:
2
THREAT:
The Web server allows form based authentication without disabling the AutoComplete feature for the password field.
IMPACT:
The passwords entered by one user could be stored by the browser and retrieved for another user using the browser.
SOLUTION:
Contact the vendor to have the AutoComplete attribute disabled for the password field in all forms. The AutoComplete attribute should also be disabled for the user ID field.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
GET /CFIDE/administrator/index.cfm HTTP/1.0

<form name="loginform" action="/CFIDE/administrator/enter.cfm" method="POST" onSubmit="cfadminPassword.value = hex_hmac_sha1(salt.value, hex_sha1(cfadminPassword.value));" >




<table>
<tr>
<td><img src="/CFIDE/administratorspacer.gif" alt="" width="1" height="100"></td>
</tr>
</table>

<table width="570" border="0" cellspacing="0" cellpadding="0" align="center" background="/CFIDE/administratorloginbackground.jpg">
<tr>
<td colspan="4"><img src="/CFIDE/administratorspacer.gif" alt="" width="1" height="130"></td>
</tr>
<tr>
<td rowspan="5"><img src="/CFIDE/administratorspacer.gif" alt="" width="25" height="1"></td>
<td align="left">
<table>
<tr>
<td>



<p style="font-weight:bold;margin:5px 0px 5px 0px;">
User name
</p>

<input name="cfadminUserId" type="text" size="15" maxlength="100" id="admin_login_id" value="admin" autocomplete="false" style="width:300px; padding-left:5px;" disabled="disabled">


</td>
</tr>
<tr>
<td>



<p style="font-weight:bold;margin:5px 0px 5px 0px;">
Password
</p>
<input name="cfadminPassword" type="Password" size="15" maxlength="100" id="admin_login" autocomplete="false" style="width:300px; padding-left:5px;">
</td>
</tr>

</table>
</td>
<td width="200px" class="loginInvalidText">
<p style="margin:75px 0px 0px 0px;">

</p>
</td>
<td rowspan="5"><img src="/CFIDE/administratorspacer.gif" alt="" width="15" height="1"></td>
</td>
</tr>
<tr>
<td align="left" colspan="2">




<input name="requestedURL" type="hidden" value="%2FCFIDE%2Fadministrator%2Findex.cfm%3F">
<input name="salt" type="hidden" value="1364058633416">
<input name="submit" type="submit" value="Login" style=" margin:7px 0px 0px 2px;;width:80px">
</td>
</tr>
<tr>
<td colspan="2">
<table border="0" cellpadding="0" cellspacin
GET /CFIDE/administrator/index.cfm HTTP/1.1
Host: intranet.hsl.unc.edu
Connection: Keep-Alive

GET /CFIDE/administrator/index.cfm?%3E%22%3E%3Cscript%3Ealert(%22QUALYS%20XSS%22)%3C/script%3E HTTP/1.1
Host: intranet.hsl.unc.edu
Connection: Keep-Alive

GET /CFIDE/Administrator/index.cfm HTTP/1.1
Host: intranet.hsl.unc.edu
Connection: Keep-Alive

GET /CFIDE/administrator/ HTTP/1.1
Host: intranet.hsl.unc.edu
Connection: Keep-Alive

get /CFIDE/administrator/ HTTP/1.1
Host: intranet.hsl.unc.edu
Connection: Keep-Alive
Expand Severity Title Port/Service
1
Microsoft IIS Authentication Method Disclosure Vulnerability intranet.hsl.unc.edu:443/tcp
 
QID:
86316
Category:
Web server
CVE ID:
CVE-2002-0419
Vendor Reference
-
Bugtraq ID:
4235
Service Modified:
05/07/2008
User Modified:
-
Edited:
No
PCI Vuln:
No
CVSS Base:
5
CVSS Temporal:
4.5
THREAT:
Microsoft IIS supports Basic and NTLM authentication. It has been reported that the authentication methods supported by a given IIS server can be revealed to an attacker through the inspection of returned error messages, even when anonymous access is also granted.

When a valid authentication request is submitted (for either method) with an invalid username and password, an error message is returned. This happens even if anonymous access to the requested resource is allowed.

IMPACT:
If this vulnerability is successfully exploited, a malicious user can learn what authentication method is used. This information can then be used in further intelligent attacks against the server, or in a brute force password attack against a known user name.
SOLUTION:
Currently there are no vendor supplied patches available.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
NTLM
Expand Severity Title Port/Service
2
Windows User Accounts With Unchanged Passwords
 
QID:
105236
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/11/2009
User Modified:
-
Edited:
No
PCI Vuln:
No
CVSS Base:
0[1]
CVSS Temporal:
0
THREAT:
The target Microsoft Windows system has some user accounts with passwords which have never changed. This may include any disabled accounts that you may have.
IMPACT:
N/A
SOLUTION:
Please check whether this adheres to your security policy and remove unwanted accounts.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
hsl.guest
Expand Severity Title Port/Service
3
Remote Access or Management Service Detected
QID:
42017
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
10/17/2011
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
A remote access or remote management service was detected. If such a service is accessible to malicious users, it can be used to carry out different types of attacks. Malicious users could try to brute force credentials or collect additional information on the service, which could help them craft further attacks.

The Results section includes information on the remote access service that was found on the target.

Services like Telnet, Rlogin, SSH, windows remote desktop, pcAnywhere, Citrix Management Console, Remote Admin (RAdmin), VNC, OPENVPN and ISAKMP are checked.

IMPACT:
Consequences vary by the type of attack.
SOLUTION:
Expose the remote access or remote management services only to the system administrators or intended users of the system.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Service name: Remote Desktop on TCP port 3389.
Expand Severity Title Port/Service
3
Accounts Enumerated From SAM Database Whose Passwords Do Not Expire
QID:
45031
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
08/30/2004
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The Security Accounts Manager holds user and machine account information. The scanner found at least one user or machine account in the SAM database for the target Windows machine whose password does not expire. The accounts are listed in the Result section.
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
User/Machine Accounts With Passwords That Do Not Expire:
Administrator hsl.guest hsladmin
Expand Severity Title Port/Service
3
NetBIOS Shared Folders
QID:
70030
Category:
SMB / NETBIOS
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
10/29/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The following NetBIOS shared folders have been detected.
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Device Name     Comment                                                       Type          Label  Size  Description
ADMIN$          Remote Admin                                                  -2147483648
AdminColor      ADMINColor                                                    1
adminfiles                                                                    0
ADMINLaser      ADMINLaser                                                    1
C$              Default share                                                 -2147483648
CatalogLaser    CatalogLaser                                                  1
CSLaser         CSLaser                                                       1
D$                                                                            -2147483648
Data                                                                          0
G$              Default share                                                 -2147483648
HSL6_IT         HSL6_IT                                                       1
HSL6_LSLaser    HSL6_LSLaser                                                  1
HSL6_pr02       HSL6_pr02                                                     1
ILLLaser2       ILLLaser2                                                     1
Intranet                                                                      0
intranetfiles                                                                 0
IPC$            Remote IPC                                                    -2147483645
LJ2300          deskjet printer for ConnectCarolina, fines, lost books, etc.  1
print$          Printer Drivers                                               0
prnproc$        Printer Drivers                                               0
RMSLASER        RMSLASER                                                      1
Scripts                                                                       0
USCLaser        USCLaser                                                      1
Expand Severity Title Port/Service
2
Operating System Detected
QID:
45017
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
02/09/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Several different techniques can be used to identify the operating system (OS) running on a host. A short description of these techniques is provided below. The specific technique used to identify the OS on this host is included in the RESULTS section of your report.

1) TCP/IP Fingerprint: The operating system of a host can be identified from a remote system using TCP/IP fingerprinting. All underlying operating system TCP/IP stacks have subtle differences that can be seen in their responses to specially-crafted TCP packets. According to the results of this "fingerprinting" technique, the OS version is among those listed below.

Note that if one or more of these subtle differences are modified by a firewall or a packet filtering device between the scanner and the host, the fingerprinting technique may fail. Consequently, the version of the OS may not be detected correctly. If the host is behind a proxy-type firewall, the version of the operating system detected may be that for the firewall instead of for the host being scanned.

2) NetBIOS: Short for Network Basic Input Output System, an application programming interface (API) that augments the DOS BIOS by adding special functions for local-area networks (LANs). Almost all LANs for PCs are based on the NetBIOS. Some LAN manufacturers have even extended it, adding additional network capabilities. NetBIOS relies on a message format called Server Message Block (SMB).

3) PHP Info: PHP is a hypertext pre-processor, an open-source, server-side, HTML-embedded scripting language used to create dynamic Web pages. Under some configurations it is possible to call PHP functions like phpinfo() and obtain operating system information.

4) SNMP: The Simple Network Monitoring Protocol is used to monitor hosts, routers, and the networks to which they attach. The SNMP service maintains Management Information Base (MIB), a set of variables (database) that can be fetched by Managers. These include "MIB_II.system.sysDescr" for the operating system.

IMPACT:
Not applicable.
SOLUTION:
Not applicable.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Operating System              Technique              ID
Windows 2008 Service Pack 2   CIFS via TCP Port 445
Windows Vista / Windows 2008  TCP/IP Fingerprint     U3414:80
Windows 2003/XP/Vista/2008    MS-RPC                 Fingerprint
Windows 2008/Vista            NTLMSSP
Expand Severity Title Port/Service
2
Windows Effective Password Policy Information Gathering Via SAM Database
QID:
45026
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
07/29/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
This check probes the SAM database on the target host for password policy information. Information gathered is:

Minimum Password Age in Days
Maximum Password Age in Days
Minimum Password Length in Characters
Password History (Number of old passwords remembered)

The policy is the effective policy, which is a combination of the local policy settings (if any) and the domain-wide policy settings made on the Domain Controller(s) for the domain.

This probe requires authentication to be successful.

IMPACT:
This password policy information may be used for auditing a Windows-based network for password policy compliance of its nodes. An attacker with a working account can use it to query the network and obtain information.
SOLUTION:
N/A
COMPLIANCE:
Type: CobIT
Section: DS5.4
Description: DS5.4 User Account Management Ensure that requesting, establishing, issuing, suspending, modifying and closing user accounts and related user privileges are addressed by user account management. An approval procedure outlining the data or system owner granting the access privileges should be included. These procedures should apply for all users, including administrators (privileged users), internal and external users, for normal and emergency cases. Rights and obligations relative to access to enterprise systems and information are contractually arranged for all types of users. Perform regular management review of all accounts and related privileges.

Type: GLBA
Section: N/A
Description: Ensure the confidentiality and protection of passwords through secure password creation and distribution mechanisms.

Type: HIPAA
Section: 164.308(a)(5)(ii)(D)
Description: Password management Procedures for creating, changing, and safeguarding passwords.

Type: SOX
Section: N/A
Description: User Access Management Granting resource access, user ID and password requirements, individual accountability, limited utilization of native administrative IDs, non-employee user ID expiration, reporting employee and contractor status changes. Operating System Access Control Password enforcement, logon information, password display and printing, required password changes, vendor default passwords, security changes after system compromise, systems software utility usage, automatic log off. Password Management Procedures exist that ensure the confidentiality and protection of passwords through secure password creation and distribution mechanisms, the enforcement and adherence to acceptable password standards, and the regular changing of passwords.

EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Effective Password Policy:

Mininum Password Length - 0 (Not defined/Infinite).
Password History Length - 0 (Not defined/Infinite).
Minimum Password Age - 0 (Not defined/Infinite).
Maximum Password Age - 42 Days.
Password Complexity - Set.
Store Password Using Reversible Encryption - Not Set.
Expand Severity Title Port/Service
2
Windows Domain Effective Account Lockout Policy Information Gathered Via SAM Database
QID:
45028
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
12/30/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The Security and Accounts Manager (SAM) Database of any Windows host participating in a Windows Domain has information about the account lockout policy set on that system. Such information was gathered from the target and is shown in the Results section below.

It should be noted that if the Domain Controller/Active Directory on this domain enforces a policy as well, the Domain Controller policy will override the local policies (if any) of each host. Further, it takes up to a couple of minutes for changes on the Domain Controller policy to be propagated to all the individual hosts on that domain.

SOLUTION:
 
COMPLIANCE:
Type: CobIT
Section: DS5.4
Description: User Account Management Ensure that requesting, establishing, issuing, suspending, modifying and closing user accounts and related user privileges are addressed by user account management. An approval procedure outlining the data or system owner granting the access privileges should be included. These procedures should apply for all users, including administrators (privileged users), internal and external users, for normal and emergency cases. Rights and obligations relative to access to enterprise systems and information are contractually arranged for all types of users. Perform regular management review of all accounts and related privileges.

Type: GLBA
Section: N/A
Description: Ensure that accounts are locked after unsuccessful login attempts.

Type: HIPAA
Section: 164.312(a)(1)
Description: Standard: Access Control Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights as specified in 164.308(a)(4).

Type: SOX
Section: N/A
Description: Ensure that accounts are locked after unsuccessful login attempts and that failed login attempts are logged.

EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Effective Account Lockout Policy:

Maximum Failed Logon Attempts Before Lockout - 0 (Not defined/Infinite/Will Not Lockout).
Lockout Logon-Attempts-Counter Duration - 15 Minutes.
Lockout Duration - 15 Minutes.
Expand Severity Title Port/Service
2
Open DCE-RPC / MS-RPC Services List
QID:
70022
Category:
SMB / NETBIOS
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
06/06/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The following DCE-RPC / MS-RPC services are active on the remote host.
IMPACT:
N/A
SOLUTION:
Shut down any unknown or unused service on the list. In Windows, this is done in the "Services" Control Panel. In other environments, this usually requires editing a configuration file or start-up script. If you have provided Windows Authentication credentials, the Microsoft Registry service supporting the named pipe "\PIPE\winreg" must be present to allow CIFS to access the Registry.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Description                            Version  TCP Ports  UDP Ports  HTTP Ports  NetBIOS/CIFS Pipes
DCE Endpoint Mapper                    3.0      135                               \PIPE\epmapper
DCE Remote Management                  1.0                                        \PIPE\epmapper
DCOM OXID Resolver                     0.0      135                               \PIPE\epmapper
DCOM Remote Activation                 0.0      135                               \PIPE\epmapper
DCOM System Activator                  0.0      135                               \PIPE\epmapper
Microsoft Event Log Service            0.0                                        \PIPE\eventlog
Microsoft Local Security Architecture  0.0                                        \PIPE\lsarpc
Microsoft Network Logon                1.0                                        \PIPE\NETLOGON
Microsoft Registry                     1.0                                        \PIPE\winreg
Microsoft Scheduler Control Service    1.0                                        \PIPE\atsvc
Microsoft Security Account Manager     1.0      49155                             \PIPE\samr, \pipe\lsass
Microsoft Server Service               3.0                                        \PIPE\srvsvc
Microsoft Service Control Service      2.0      57886                             \PIPE\svcctl
Microsoft Spool Subsystem              1.0                                        \PIPE\spoolss
Microsoft Task Scheduler               1.0                                        \PIPE\atsvc
Microsoft Workstation Service          1.0                                        \PIPE\wkssvc
(Unknown Service)                      1.0      135
(Unknown Service)                      0.0      135
(Unknown Service)                      2.0      135
RPC ROUTER SERVICE                     1.0                                        \PIPE\ROUTER
Microsoft Spool Subsystem              1.0                                        \PIPE\SPOOLSS
(Unknown Service)                      1.0      49152                             \PIPE\InitShutdown
(Unknown Service)                      1.0                                        \PIPE\InitShutdown
Impl friendly name                     1.0      49154                             \pipe\lsass, \PIPE\srvsvc, \PIPE\atsvc
Event log TCPIP                        1.0      49153                             \pipe\eventlog
(Unknown Service)                      1.0      49154                             \PIPE\srvsvc, \PIPE\atsvc
IKE/Authip API                         1.0      49154                             \PIPE\atsvc
(Unknown Service)                      1.0      49154                             \PIPE\atsvc
Spooler function endpoint              1.0      57828                             \pipe\spoolss
Spooler base remote object endpoint    1.0      57828                             \pipe\spoolss
Unimodem LRPC Endpoint                 1.0                                        \pipe\tapsrv
Expand Severity Title Port/Service
2
Host Uptime Based on TCP TimeStamp Option
QID:
82063
Category:
TCP/IP
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/29/2007
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The TCP/IP stack on the host supports the TCP TimeStamp (kind 8) option. Typically the timestamp used is the host's uptime (since last reboot) in various units (e.g., one hundredth of a second, one tenth of a second, etc.). Based on this, we can obtain the host's uptime. The result is given in the Result section below.

Some operating systems (e.g., MacOS, OpenBSD) use a non-zero, probably random, initial value for the timestamp. For these operating systems, the uptime obtained does not reflect the actual uptime of the host; the former is always larger than the latter.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Based on TCP timestamps obtained via port 111, the host's uptime is 1 days, 7 hours, and 31 minutes.
The TCP timestamps from the host are in units of 10 milliseconds.
Expand Severity Title Port/Service
2
Real Name of Built-in Guest Account Enumerated
QID:
90266
Category:
Windows
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
08/30/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Microsoft best practices documents recommend renaming the built-in Guest account. This test enumerates the actual name of the built-in Guest account.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
hsl.guest
Expand Severity Title Port/Service
2
Open RPC Services List port 111/tcp
QID:
9
Category:
RPC
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/01/1999
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
A port scanner was used to draw a map of all the RPC services accessible from the Internet.
IMPACT:
Unauthorized users can subsequently test vulnerabilities related to each of the services open.
SOLUTION:
Shut down any unknown or unused service on the list. To remove all RPC services, you cannot simply filter port 111 at the firewall because port 111 (the "portmap" service) only shows which ports the RPC services are listening on. Therefore, it cannot block access to these services. Disable the RPC services at the server level because each listens on an ephemeral UDP or TCP port.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
program  version  protocol  port  name
100000   2        udp       111   rpcbind
100000   3        udp       111   rpcbind
100000   4        udp       111   rpcbind
100000   2        tcp       111   rpcbind
100000   3        tcp       111   rpcbind
100000   4        tcp       111   rpcbind
390436   1        tcp       8939  390436
390435   1        tcp       8686  390435
390113   1        tcp       7937  nsrexec
100005   1        tcp       1048  mountd
100005   2        tcp       1048  mountd
100005   3        tcp       1048  mountd
100005   1        udp       1048  mountd
100005   2        udp       1048  mountd
100005   3        udp       1048  mountd
100021   1        tcp       1047  nlockmgr
100021   2        tcp       1047  nlockmgr
100021   3        tcp       1047  nlockmgr
100021   4        tcp       1047  nlockmgr
100021   1        udp       1047  nlockmgr
100021   2        udp       1047  nlockmgr
100021   3        udp       1047  nlockmgr
100021   4        udp       1047  nlockmgr
100024   1        tcp       1039  status
100024   1        udp       1039  status
100003   2        tcp       2049  nfs
100003   3        tcp       2049  nfs
100003   2        udp       2049  nfs
100003   3        udp       2049  nfs
Expand Severity Title Port/Service
1
DNS Host Name
QID:
6
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/01/1999
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The fully qualified domain name of this host, if it was obtained from a DNS server, is displayed in the RESULT section.
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
IP address    Host name
152.2.37.241  intranet.hsl.unc.edu
Expand Severity Title Port/Service
1
Firewall Detected
QID:
34011
Category:
Firewall
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
10/16/2001
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
A packet filtering device protecting this IP was detected. This is likely to be a firewall or a router using access control lists (ACLs).
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Some of the ports filtered by the firewall are: 20, 21, 22, 23, 25, 53, 1, 7, 11, 67.

Listed below are the ports filtered by the firewall.
No response has been received when any of these ports is probed.
1-79,81-110,112-134,136-442,444,446-1038,1040-1046,1049-1705,1707-1999,
2001-2048,2050-2146,2148-2512,2514-2701,2703-3388,3390-5630,5632-5665,
5667-6128,6130-7936,7939-8685,8687-8938,8940-42423,42425-57827,57829-65535
Expand Severity Title Port/Service
1
Target Network Information
QID:
45004
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
08/15/2013
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The information shown in the Result section was returned by the network infrastructure responsible for routing traffic from our cloud platform to the target network (where the scanner appliance is located).

This information was returned from: 1) the WHOIS service, or 2) the infrastructure provided by the closest gateway server to our cloud platform. If your ISP is routing traffic, your ISP's gateway server returned this information.

IMPACT:
This information can be used by malicious users to gather more information about the network infrastructure that may help in launching attacks against it.
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
The network handle is: UNCCH-NET
Network description:
University of North Carolina at Chapel Hill
Expand Severity Title Port/Service
1
Internet Service Provider
QID:
45005
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
08/15/2013
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The information shown in the Result section was returned by the network infrastructure responsible for routing traffic from our cloud platform to the target network (where the scanner appliance is located).

This information was returned from: 1) the WHOIS service, or 2) the infrastructure provided by the closest gateway server to our cloud platform. If your ISP is routing traffic, your ISP's gateway server returned this information. This information was gathered using the WHOIS service for the network and is believed to be the ISP of the target network.

IMPACT:
This information can be used by malicious users to gather more information about the network infrastructure that may aid in launching further attacks against it.
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
The ISP network handle is: UNCCH-NET
ISP Network description:
University of North Carolina at Chapel Hill
Expand Severity Title Port/Service
1
Traceroute
QID:
45006
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/09/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Traceroute describes the path in realtime from the scanner to the remote host being contacted. It reports the IP addresses of all the routers in between.
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Hops  IP              Round Trip Time  Probe
1     152.2.20.1      0.50ms           ICMP
2     152.19.253.106  1.03ms           ICMP
3     152.19.255.17   1.09ms           ICMP
4     152.19.255.210  1.20ms           ICMP
5     152.2.37.241    0.96ms           ICMP
Expand Severity Title Port/Service
1
Disabled Accounts Enumerated From SAM Database
QID:
45027
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
10/29/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The Security Accounts Manager holds user and machine account information. The scanner found at least one disabled user or machine account in the SAM database for the target Windows machine. The accounts found are listed in the Results section.
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Disabled User/Machine Accounts:
hsl.guest
Expand Severity Title Port/Service
1
Administrator Account's Real Name Found From LSA Enumeration
QID:
45032
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
02/17/2004
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
LSA (Local Security Authority Database) is a protected subsystem that authenticates and logs users onto the local system.

Windows systems by default have the administrator account's name configured as "Administrator". This can very easily be changed to a non-default value (like root, for example) to harden security against password bruteforcing.

LSA, internally, refers to user accounts by what are called RIDs (Relative IDs) instead of the friendlier names (like "Administrator") used only for GUI and display purposes. The administrator account on any Windows system always has a RID of 500, even if the name has been changed.

The scanner probed the LSA for the name that maps to the RID of 500, which is the administrator account name, changed or unchanged. The name is listed in the Result section below.

SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Administrator
Severity:
1
Title:
Host Scan Time
QID:
45038
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
11/18/2004
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The Host Scan Time is the period of time it takes the scanning engine to perform the vulnerability assessment of a single target host. The Host Scan Time for this host is reported in the Result section below.

The Host Scan Time does not have a direct correlation to the Duration time as displayed in the Report Summary section of a scan results report. The Duration is the period of time it takes the service to perform a scan task. The Duration includes the time it takes the service to scan all hosts, which may involve parallel scanning. It also includes the time it takes for a scanner appliance to pick up the scan task and transfer the results back to the service's Secure Operating Center. Further, when a scan task is distributed across multiple scanners, the Duration includes the time it takes to perform parallel host scanning on all scanners.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Scan duration: 2312 seconds

Start time: Sat, Mar 23 2013, 17:08:23 GMT

End time: Sat, Mar 23 2013, 17:46:55 GMT
Severity:
1
Title:
Host Names Found
QID:
45039
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
02/14/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The following host names were discovered for this computer using various methods such as DNS look up, NetBIOS query, and SQL server name query.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Host Name             Source
HSL6.hsl.unc.edu      NTLM DNS
intranet.hsl.unc.edu  FQDN
HSL6                  NTLM NetBIOS
Severity:
1
Title:
Windows Authentication Method
QID:
70028
Category:
SMB / NETBIOS
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
12/09/2008
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Windows authentication was performed. The Results section in your detailed results includes a list of authentication credentials used.

The service also attempts to authenticate using common credentials. You should verify that the credentials used for successful authentication were those that were provided in the Windows authentication record. User-provided credentials failed if the discovery method shows "Unable to log in using credentials provided by user, fallback to NULL session". If this is the case, verify that the credentials specified in the Windows authentication record are valid for this host.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
User Name              DOM qualys.scn
Domain                 AD
Authentication Scheme  Kerberos
Security               User-based
SMBv1 Signing          Enabled
Discovery Method       Login credentials provided by user
Authentication Record  AD.UNC.EDU Credentials
CIFS Version           SMB v2.002
Severity:
1
Title:
Windows Authentication Method for User-Provided Credentials
QID:
70053
Category:
SMB / NETBIOS
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
11/05/2009
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Windows authentication was performed and successful with user-provided credentials. The Results section in your detailed results includes a list of authentication credentials used.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
User Name              DOM qualys.scn
Domain                 AD
Authentication Scheme  Kerberos
Security               User-based
SMBv1 Signing          Enabled
Authentication Record  AD.UNC.EDU Credentials
Severity:
1
Title:
Open TCP Services List
QID:
82023
Category:
TCP/IP
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
06/15/2009
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The port scanner enables unauthorized users with the appropriate tools to draw a map of all services on this host that can be accessed from the Internet. The test was carried out with a "stealth" port scanner so that the server does not log real connections.

The Results section displays the port number (Port), the default service listening on the port (IANA Assigned Ports/Services), the description of the service (Description) and the service that the scanner detected using service discovery (Service Detected).

IMPACT:
Unauthorized users can exploit this information to test vulnerabilities in each of the open services.
SOLUTION:
Shut down any unknown or unused service on the list. If you have difficulty figuring out which service is provided by which process or program, contact your provider's support team. For more information about commercial and open-source Intrusion Detection Systems available for detecting port scanners of this kind, visit the CERT Web site.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Port   IANA Assigned Ports/Services  Description                             Service Detected        OS On Redirected Port
80     www                           World Wide Web HTTP                     http
111    sunrpc                        SUN Remote Procedure Call               rpc
135    msrpc-epmap                   epmap DCE endpoint resolution           DCERPC Endpoint Mapper
443    https                         http protocol over TLS/SSL              http over ssl
445    microsoft-ds                  Microsoft-DS                            microsoft-ds
1039   unknown                       unknown                                 rpc
1047   neod1                         Sun's NEO Object Request Broker         rpc
1048   neod2                         Sun's NEO Object Request Broker         rpc
2049   nfs                           Network File System - Sun Microsystems  rpc
3389   ms-wbt-server                 MS WBT Server                           win remote desktop
5666   unknown                       unknown                                 unknown
7937   unknown                       unknown                                 rpc
7938   unknown                       unknown                                 rpc
8686   unknown                       unknown                                 rpc
8939   unknown                       unknown                                 rpc
57828  unknown                       unknown                                 unknown
Severity:
1
Title:
ICMP Replies Received
QID:
82040
Category:
TCP/IP
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/16/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
ICMP (Internet Control and Error Message Protocol) is a protocol encapsulated in IP packets. ICMP's principal purpose is to provide a protocol layer that informs gateways of the inter-connectivity and accessibility of other gateways or hosts.

We have sent the following types of packets to trigger the host to send us ICMP replies:

Echo Request (to trigger Echo Reply)
Timestamp Request (to trigger Timestamp Reply)
Address Mask Request (to trigger Address Mask Reply)
UDP Packet (to trigger Port Unreachable Reply)
IP Packet with Protocol >= 250 (to trigger Protocol Unreachable Reply)

Listed in the "Result" section are the ICMP replies that we have received.

SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
ICMP Reply Type       Triggered By  Additional Information
Echo (type=0 code=0)  Echo Request  Echo Reply
Severity:
1
Title:
NetBIOS Host Name
QID:
82044
Category:
TCP/IP
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/20/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The NetBIOS host name of this computer has been detected.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HSL6
Severity:
1
Title:
Degree of Randomness of TCP Initial Sequence Numbers
QID:
82045
Category:
TCP/IP
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
11/19/2004
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
TCP Initial Sequence Numbers (ISNs) obtained in the SYNACK replies from the host are analyzed to determine how random they are. The average change between subsequent ISNs and the standard deviation from the average are displayed in the RESULT section. Also included is the degree of difficulty for exploitation of the TCP ISN generation scheme used by the host.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Average change between subsequent TCP initial sequence numbers is 1134674909 with a standard deviation of 656566550. These TCP initial sequence numbers were triggered by TCP SYN probes sent to the host at an average rate of 1/(7176 microseconds). The degree of difficulty to exploit the TCP initial sequence number generation scheme is: hard.
Severity:
1
Title:
IP ID Values Randomness
QID:
82046
Category:
TCP/IP
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
07/27/2006
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The values for the identification (ID) field in IP headers in IP packets from the host are analyzed to determine how random they are. The changes between subsequent ID values for either the network byte ordering or the host byte ordering, whichever is smaller, are displayed in the RESULT section along with the duration taken to send the probes. When incremental values are used, as is the case for TCP/IP implementation in many operating systems, these changes reflect the network load of the host at the time this test was conducted.

Please note that for reliability reasons only the network traffic from open TCP ports is analyzed.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
IP ID changes observed (network order) for port 80: 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
Duration: 30 milli seconds
Severity:
1
Title:
Windows Registry Key Access Denied
QID:
90195
Category:
Windows
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/24/2009
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Remote access to the following registry keys has been denied. Access to the Registry named pipe was successful, but remote access to the Registry keys in the Result section has been denied.
IMPACT:
Vulnerabilities that require registry key access may not have been detected during the scan. This QID can be used to debug authentication and permission issues with other QIDs. This QID is not a direct indication of problems or missing patches on the target system.
SOLUTION:
See the permissions assigned to the provided user authentication credentials. On Windows XP Professional use Classic for local network logins (default is Guest only, which prohibits Registry access). This may be set at Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\
HKLM\Software\Microsoft\Windows NT\
HKLM\Software\Microsoft\
HKLM\Software\
HKLM\Software\Microsoft\Windows\CurrentVersion\
HKLM\Software\Microsoft\Windows\
HKLM\SYSTEM\CurrentControlSet\Services\Qualys non existing key\
HKLM\SYSTEM\CurrentControlSet\Services\
HKLM\SYSTEM\CurrentControlSet\
HKLM\SYSTEM\
Severity:
1
Title:
Microsoft Windows Network Level Authentication Disabled
QID:
90788
Category:
Windows
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/01/2013
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Microsoft Windows Network Level Authentication (NLA) is an authentication method that enhances the security of a Remote Desktop Session Host server by requiring the user to be authenticated before a session is created.

The registry key for the Network Level Authentication (NLA) is disabled.

Network Level Authentication is supported on Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2

IMPACT:
Enabling NLA can help protect the remote computer from malicious users and malicious software attacks.
SOLUTION:
See Microsoft Knowledge Base Article 2671387 to use the automated Microsoft Fix it solution to enable this feature.

As a precaution, always test in a QA or rehearsal environment before rolling out to production.

Note: Client computers that do not support Credential Security Support Provider (CredSSP) protocol will not be able to access servers protected with Network Level Authentication. Windows XP does not support the CredSSP protocol by default.

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
QID: 90788 detected on port 3389 over TCP.
Severity:
1
Title:
Default Web Page
Port/Service:
port 80/tcp
QID:
12230
Category:
CGI
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
06/19/2006
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The Result section displays the default Web page for the Web server.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Content-Type: text/html; charset=UTF-8
Location: https://152.2.37.241/
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 23 Mar 2013 17:09:11 GMT
Connection: close
Content-Length: 144

<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a HREF="https://152.2.37.241/">here</a></body>
Severity:
1
Title:
Default Web Page
Port/Service:
port 443/tcp over SSL
QID:
12230
Category:
CGI
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
06/19/2006
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The Result section displays the default Web page for the Web server.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Content-Type: text/html
Server: Microsoft-IIS/7.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
Date: Sat, 23 Mar 2013 17:09:11 GMT
Connection: close
Content-Length: 1293

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>401 - Unauthorized: Access is denied due to invalid credentials.</title>
<style type="text/css">
<!--
body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}
fieldset{padding:0 15px 10px 15px;}
h1{font-size:2.4em;margin:0;color:#FFF;}
h2{font-size:1.7em;margin:0;color:#CC0000;}
h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;}
#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;
background-color:#555555;}
#content{ma
Severity:
1
Title:
SSL Server Information Retrieval
Port/Service:
port 443/tcp over SSL
QID:
38116
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
07/28/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:

The following is a list of supported SSL ciphers. Note: If a cipher is included in this list, it means that it was possible to establish an SSL connection using that cipher. Some web server setups allow connections to be established using a LOW grade cipher, only to serve a web page stating that the URL is accessible only through a non-LOW grade cipher. In this case, even though the LOW grade cipher will be listed here, QID 38140 will not be reported.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
CIPHER                KEY-EXCHANGE  AUTHENTICATION  MAC   ENCRYPTION(KEY-STRENGTH)  GRADE
SSLv2 PROTOCOL IS ENABLED
DES-CBC3-MD5          RSA           RSA             MD5   3DES(168)                 HIGH
RC4-MD5               RSA           RSA             MD5   RC4(128)                  MEDIUM
SSLv3 PROTOCOL IS ENABLED
SSLv3                 COMPRESSION METHOD  None
DES-CBC3-MD5          RSA           RSA             MD5   3DES(168)                 HIGH
RC4-MD5               RSA           RSA             MD5   RC4(128)                  MEDIUM
DES-CBC3-SHA          RSA           RSA             SHA1  3DES(168)                 HIGH
RC4-SHA               RSA           RSA             SHA1  RC4(128)                  MEDIUM
TLSv1 PROTOCOL IS ENABLED
TLSv1                 COMPRESSION METHOD  None
DES-CBC3-MD5          RSA           RSA             MD5   3DES(168)                 HIGH
RC4-MD5               RSA           RSA             MD5   RC4(128)                  MEDIUM
DES-CBC3-SHA          RSA           RSA             SHA1  3DES(168)                 HIGH
RC4-SHA               RSA           RSA             SHA1  RC4(128)                  MEDIUM
ECDHE-RSA-AES256-SHA  ECDH          RSA             SHA1  AES(256)                  HIGH
AES256-SHA            RSA           RSA             SHA1  AES(256)                  HIGH
ECDHE-RSA-AES128-SHA  ECDH          RSA             SHA1  AES(128)                  MEDIUM
AES128-SHA            RSA           RSA             SHA1  AES(128)                  MEDIUM
Severity:
1
Title:
SSL Session Caching Information
Port/Service:
port 443/tcp over SSL
QID:
38291
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
09/16/2004
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
An SSL session is a collection of security parameters that are negotiated by the SSL client and server for each SSL connection. SSL session caching is intended to reduce the overhead of negotiations in recurring SSL connections. SSL sessions can be reused to resume an earlier connection or to establish multiple simultaneous connections. The client suggests an SSL session to be reused by identifying the session with a Session-ID during the SSL handshake. If the server finds it appropriate to reuse the session, then they both proceed to secure communication with already known security parameters.

This test determines if SSL session caching is enabled on the host.

IMPACT:
SSL session caching is part of the SSL and TLS protocols and is not a security threat. The result of this test is for informational purposes only.
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
SSLv3 session caching is enabled on the target.
TLSv1 session caching is enabled on the target.
Severity:
1
Title:
SSL/TLS invalid protocol version tolerance
Port/Service:
port 443/tcp over SSL
QID:
38597
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
02/13/2012
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
SSL/TLS protocols have different versions that can be supported by both the client and the server. This test sends invalid protocol versions to the target in order to find out how the target behaves. The Results section contains a table that shows the target's response to each of our tests.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
my version  target version
0304        0301
0399        0301
0400        0301
0499        0301
Severity:
1
Title:
TLS Secure Renegotiation Extension Supported
Port/Service:
port 443/tcp over SSL
QID:
42350
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
12/01/2011
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Secure Socket Layer (SSL) and Transport Layer Security (TLS) renegotiation are vulnerable to an attack in which the attacker forms a TLS connection with the target server, injects content of his choice, and then splices in a new TLS connection from a client. The server treats the client's initial TLS handshake as a renegotiation and thus believes that the initial data transmitted by the attacker is from the same entity as the subsequent client data. The TLS protocol was extended to cryptographically tie renegotiations to the TLS connections they are being performed over. This is referred to as the TLS secure renegotiation extension. This detection determines whether the TLS secure renegotiation extension is supported by the server or not.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
TLS Secure Renegotiation Extension Status: supported.
Severity:
1
Title:
SSL Certificate - Information
Port/Service:
port 443/tcp over SSL
QID:
86002
Category:
Web server
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/23/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
NAME                                VALUE
(0)CERTIFICATE 0
(0)Version                          3 (0x2)
(0)Serial Number                    04:7d:cc:55:8f:bd:91
(0)Signature Algorithm              sha1WithRSAEncryption
(0)ISSUER NAME
countryName                         US
stateOrProvinceName                 Arizona
localityName                        Scottsdale
organizationName                    "GoDaddy.com, Inc."
organizationalUnitName              http://certificates.godaddy.com/repository
commonName                          Go Daddy Secure Certification Authority
serialNumber                        07969287
(0)SUBJECT NAME
organizationName                    *.hsl.unc.edu
organizationalUnitName              Domain Control Validated
commonName                          *.hsl.unc.edu
(0)Valid From                       Jul 19 13:27:48 2011 GMT
(0)Valid Till                       Jul 6 12:14:14 2014 GMT
(0)Public Key Algorithm             rsaEncryption
(0)RSA Public Key                   (2048 bit)
(0)                                 Public-Key: (2048 bit)
(0)                                 Modulus:
(0)                                 Exponent: 65537 (0x10001)
(0)X509v3 EXTENSIONS
(0)X509v3 Basic Constraints         critical
(0)                                 CA:FALSE
(0)X509v3 Extended Key Usage        TLS Web Server Authentication, TLS Web Client Authentication
(0)X509v3 Key Usage                 critical
(0)                                 Digital Signature, Key Encipherment
(0)X509v3 CRL Distribution Points
(0)                                 Full Name:
(0)                                 URI:http://crl.godaddy.com/gds1-53.crl
(0)X509v3 Certificate Policies      Policy: 2.16.840.1.114413.1.7.23.1
(0)                                 CPS: https://certs.godaddy.com/repository/
(0)Authority Information Access     OCSP - URI:http://ocsp.godaddy.com/
(0)                                 CA Issuers - URI:http://certificates.godaddy.com/repository/gd_intermediate.crt
(0)X509v3 Authority Key Identifier  keyid:FD:AC:61:32:93:6C:45:D6:E2:EE:85:5F:9A:BA:E7:76:99:68:CC:E7
(0)X509v3 Subject Alternative Name  DNS:*.hsl.unc.edu, DNS:hsl.unc.edu
(0)X509v3 Subject Key Identifier    D1:F4:C6:CD:D1:B3:E3:F6:FE:AC:48:D7:6A:43:79:2B:40:4B:45:06
(0)Signature                        (256 octets)
(1)CERTIFICATE 1
(1)Version                          3 (0x2)
(1)Serial Number                    769 (0x301)
(1)Signature Algorithm              sha1WithRSAEncryption
(1)ISSUER NAME
countryName                         US
organizationName                    "The Go Daddy Group, Inc."
organizationalUnitName              Go Daddy Class 2 Certification Authority
(1)SUBJECT NAME
countryName                         US
stateOrProvinceName                 Arizona
localityName                        Scottsdale
organizationName                    "GoDaddy.com, Inc."
organizationalUnitName              http://certificates.godaddy.com/repository
commonName                          Go Daddy Secure Certification Authority
serialNumber                        07969287
(1)Valid From                       Nov 16 01:54:37 2006 GMT
(1)Valid Till                       Nov 16 01:54:37 2026 GMT
(1)Public Key Algorithm             rsaEncryption
(1)RSA Public Key                   (2048 bit)
(1)                                 Public-Key: (2048 bit)
(1)                                 Modulus:
(1)                                 Exponent: 65537 (0x10001)
(1)X509v3 EXTENSIONS
(1)X509v3 Subject Key Identifier    FD:AC:61:32:93:6C:45:D6:E2:EE:85:5F:9A:BA:E7:76:99:68:CC:E7
(1)X509v3 Authority Key Identifier  keyid:D2:C4:B0:D2:91:D4:4C:11:71:B3:61:CB:3D:A1:FE:DD:A8:6A:D4:E3
(1)X509v3 Basic Constraints         critical
(1)                                 CA:TRUE, pathlen:0
(1)Authority Information Access     OCSP - URI:http://ocsp.godaddy.com
(1)X509v3 CRL Distribution Points
(1)                                 Full Name:
(1)                                 URI:http://certificates.godaddy.com/repository/gdroot.crl
(1)X509v3 Certificate Policies      Policy: X509v3 Any Policy
(1)                                 CPS: http://certificates.godaddy.com/repository
(1)X509v3 Key Usage                 critical
(1)                                 Certificate Sign, CRL Sign
(1)Signature                        (256 octets)
(2)CERTIFICATE 2
(2)Version                          3 (0x2)
(2)Serial Number                    269 (0x10d)
(2)Signature Algorithm              sha1WithRSAEncryption
(2)ISSUER NAME
localityName                        ValiCert Validation Network
organizationName                    "ValiCert, Inc."
organizationalUnitName              ValiCert Class 2 Policy Validation Authority
commonName                          http://www.valicert.com/
emailAddress                        info@valicert.com
(2)SUBJECT NAME
countryName                         US
organizationName                    "The Go Daddy Group, Inc."
organizationalUnitName              Go Daddy Class 2 Certification Authority
(2)Valid From                       Jun 29 17:06:20 2004 GMT
(2)Valid Till                       Jun 29 17:06:20 2024 GMT
(2)Public Key Algorithm             rsaEncryption
(2)RSA Public Key                   (2048 bit)
(2)                                 Public-Key: (2048 bit)
(2)                                 Modulus:
(2)                                 Exponent: 3 (0x3)
(2)X509v3 EXTENSIONS
(2)X509v3 Subject Key Identifier    D2:C4:B0:D2:91:D4:4C:11:71:B3:61:CB:3D:A1:FE:DD:A8:6A:D4:E3
(2)X509v3 Authority Key Identifier  DirName:/L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 2 Policy Validation Authority/CN=http://www.valicert.com//emailAddress=info@valicert.com
(2)                                 serial:01
(2)X509v3 Basic Constraints         critical
(2)                                 CA:TRUE
(2)Authority Information Access     OCSP - URI:http://ocsp.godaddy.com
(2)X509v3 CRL Distribution Points
(2)                                 Full Name:
(2)                                 URI:http://certificates.godaddy.com/repository/root.crl
(2)X509v3 Certificate Policies      Policy: X509v3 Any Policy
(2)                                 CPS: http://certificates.godaddy.com/repository
(2)X509v3 Key Usage                 critical
(2)                                 Certificate Sign, CRL Sign
(2)Signature                        (128 octets)
Severity:
1
Title:
Web Server Supports HTTP Request Pipelining
Port/Service:
port 443/tcp over SSL
QID:
86565
Category:
Web server
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
02/22/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Version 1.1 of the HTTP protocol supports URL-Request Pipelining. This means that instead of using the "Keep-Alive" method to keep the TCP connection alive over multiple requests, the protocol allows multiple HTTP URL requests to be made in the same TCP packet. Any Web server which is HTTP 1.1 compliant should then process all the URLs requested in the single TCP packet and respond as usual.

The target Web server was found to support this functionality of the HTTP 1.1 protocol.

IMPACT:
Support for URL-Request Pipelining has interesting consequences. For example, as explained in this paper by Daniel Roelker, it can be used for evading detection by Intrusion Detection Systems. It can also be used in HTTP Response-Splitting style attacks.
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
GET / HTTP/1.1
Host:152.2.37.241:443

GET /Q_Evasive/ HTTP/1.1
Host:152.2.37.241:443



HTTP/1.1 401 Unauthorized
Content-Type: text/html
Server: Microsoft-IIS/7.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
Date: Sat, 23 Mar 2013 17:09:30 GMT
Content-Length: 1293

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>401 - Unauthorized: Access is denied due to invalid credentials.</title>
<style type="text/css">
<!--
body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}
fieldset{padding:0 15px 10px 15px;}
h1{font-size:2.4em;margin:0;color:#FFF;}
h2{font-size:1.7em;margin:0;color:#CC0000;}
h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;}
#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;
background-color:#555555;}
#content{margin:0 0 0 2%;position:relative;}
.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}
-->
</style>
</head>
<body>
<div id="header"><h1>Server Error</h1></div>
<div id="content">
<div class="content-container"><fieldset>
<h2>401 - Unauthorized: Access is denied due to invalid credentials.</h2>
<h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>
</fieldset></div>
</div>
</body>
</html>
HTTP/1.1 401 Unauthorized
Content-Type: text/html
Server: Microsoft-IIS/7.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
Date: Sat, 23 Mar 2013 17:09:30 GMT
Content-Length: 1293

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>401 - Unauthorized: Access is denied due to invalid credentials.</title>
<style type="text/css">
<!--
body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}
fieldset{padding:0 15px 10px 15px;}
h1{font-size:2.4em;margin:0;color:#FFF;}
h2{font-size:1.7em;margin:0;color:#CC0000;}
h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;}
#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;
background-color:#555555;}
#content{margin:0 0 0 2%;position:relative;}
.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}
-->
</style>
</head>
<body>
<div id="header"><h1>Server Error</h1></div>
<div id="content">
<div class="content-container"><fieldset>
<h2>401 - Unauthorized: Access is denied due to invalid credentials.</h2>
<h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>
</fieldset></div>
</div>
</body>
</html>
Expand Severity Title Port/Service
1
Adobe ColdFusion Detected on Remote Host intranet.hsl.unc.edu:443/tcp
QID:
12351
Category:
CGI
CVE ID:
-
Vendor Reference
Adobe ColdFusion
Bugtraq ID:
-
Service Modified:
04/22/2010
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Adobe ColdFusion is an application development platform for building, deploying, and maintaining Internet applications for the enterprise.

Adobe ColdFusion is running on this Web server.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Adobe ColdFusion detected on this host on port: 443
QID:12351 detected on port 443 over TCP.
Expand Severity Title Port/Service
1
Microsoft IIS Server Detected intranet.hsl.unc.edu:443/tcp
QID:
45104
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
07/13/2009
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Microsoft Internet Information Services (IIS) Web Server was detected on the target host.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Microsoft-IIS/7.0
Expand Severity Title Port/Service
1
SSL Web Server Version intranet.hsl.unc.edu:443/tcp
QID:
86001
Category:
Web server
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/01/1999
User Modified:
-
Edited:
No
PCI Vuln:
No
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Server Version        Server Banner
Microsoft-IIS/7.0     Microsoft-IIS/7.0
Expand Severity Title Port/Service
1
List of Web Directories intranet.hsl.unc.edu:443/tcp
QID:
86672
Category:
Web server
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
09/10/2004
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Based largely on the HTTP reply code, the following directories are most likely present on the host.
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Directory                 Source
/cfide/administrator/     brute force
/cfide/Administrator/     brute force
/CFIDE/                   brute force
/CFIDE                    brute force
/CFIDE/                   web page
/CFIDE/administrator/     web page
/CFIDE/administrator      web page
Expand Severity Title Port/Service
1
Microsoft IIS Server Detected intranet.hsl.unc.edu:80/tcp
QID:
45104
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
07/13/2009
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Microsoft Internet Information Services (IIS) Web Server was detected on the target host.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Microsoft-IIS/7.0
Expand Severity Title Port/Service
1
Web Server Version intranet.hsl.unc.edu:80/tcp
QID:
86000
Category:
Web server
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/01/1999
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
N/A
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Server Version        Server Banner
Microsoft-IIS/7.0     Microsoft-IIS/7.0
Expand Severity Title Port/Service
1
List of Web Directories intranet.hsl.unc.edu:80/tcp
QID:
86672
Category:
Web server
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
09/10/2004
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Based largely on the HTTP reply code, the following directories are most likely present on the host.
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Directory     Source
/admin/       web page
Expand Severity Title Port/Service
3
Enabled DCOM
 
QID:
90042
Category:
Windows
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
08/29/2013
User Modified:
04/22/2013
Edited:
Yes
PCI Vuln:
Yes
CVSS Base:
0[1]
CVSS Temporal:
0
THREAT:
The Distributed Component Object Model (DCOM) is a protocol that enables software components to communicate directly over a network. The Distributed Component Object Model (DCOM) is enabled on this system.
IMPACT:
Buffer overflow vulnerabilities have been discovered previously in the DCOM implementation in most versions of Windows. Microsoft has issued several advisories and patches (MS03-026, MS03-039, MS08-067) to address several DCOM and RPC vulnerabilities.

Gimmiv.A malware has also been reported to exploit a vulnerability in RPC DCOM.

DCOM enabled attracts Internet worms and permits your system to be remotely compromised by malicious hackers.

SOLUTION:
Refer to Microsoft article Best Practices for Mitigating RPC and DCOM Vulnerabilities to obtain information on vulnerabilities in DCOM and ways to mitigate those vulnerabilities.

Information on disabling DCOM can be found at the Microsoft Technet article called How to Disable DCOM Support in Windows.

For disabling DCOM on Windows 7, Windows 8, Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012, refer to Microsoft's article Enable or Disable DCOM.

SOLUTION COMMENTS:
For those Windows systems managed with SCCM: The UNC-Chapel Hill Information Security Office does not recommend disabling DCOM because it is required by management tools, such as System Center Configuration Manager.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\SOFTWARE\Microsoft\Ole EnableDCOM = Y
Expand Severity Title Port/Service
3
Microsoft Windows Enterprise Hotfix Rollup (KB2775511)
 
QID:
90872
Category:
Windows
CVE ID:
-
Vendor Reference
KB2775511
Bugtraq ID:
-
Service Modified:
05/20/2013
User Modified:
-
Edited:
No
PCI Vuln:
No
CVSS Base:
2.4[1]
CVSS Temporal:
1.8
THREAT:
Microsoft released a hotfix rollup for Windows 7 Service Pack 1 (SP1)-based and Windows Server 2008 R2 SP1-based computers.

This hotfix rollup contains 90 hotfixes that were released after the release of SP1 for Windows 7 and Windows Server 2008 R2.

Microsoft recommends that users apply this hotfix rollup as part of their regular maintenance routine and build processes for Windows 7 and Windows Server 2008 R2 computers.

IMPACT:
The vulnerabilities can be exploited to affect confidentiality, integrity, and availability.
SOLUTION:
The vendor has released advisories and updates to fix these vulnerabilities. Refer to the following link for further details: KB2775511

Patch:
Following are links for downloading patches to fix the vulnerabilities:

KB2775511: Windows

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
%windir%\System32\Spoolsv.exe Version is 6.1.7601.17777
Expand Severity Title Port/Service
3
Insecure Microsoft Internet Explorer Intranet Zone User Setting Detected
 
QID:
100012
Category:
Internet Explorer
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/31/2011
User Modified:
-
Edited:
No
PCI Vuln:
Yes
CVSS Base:
0[1]
CVSS Temporal:
0
THREAT:
Some users at the Windows machine have an insecure intranet zone setting. The Internet options are set on a per user basis, and it is very important to keep these settings secure. Even in an intranet environment, it is essential to keep the Internet Explorer security settings at the recommended minimum level.
IMPACT:
A remote attacker may be able to execute local code by presenting a malicious Web page.
SOLUTION:
Workaround:
It is important to have an Internet zone setting of at least medium low. Setting it to high and adding reliable and safe sites in the trusted zone provides better security.

To change the settings, go to Control Panel -> Internet Options -> Security tab.

To interpret the results section, please refer to KB182569 for IE6 and IE7.
Refer to Site to Zone Assignment Section 3 for Group Policy Settings in IE8.
Refer to Internet Explorer 9 Security Settings for IE9.

Also refer to BB457144 article from Microsoft.

The following minimal settings are recommended to be set in the registry for each user in the hive:
Download Signed ActiveX Controls - Prompt (minimum)
Download unsigned ActiveX controls - Disable
Initialize and script ActiveX controls not marked as safe - Disable
Access data sources across domains - Prompt (minimum)
Display mixed content - Prompt (minimum)
Installation of desktop items - Prompt (minimum)
Launching programs and files in an IFRAME - Prompt (minimum)
Allow web pages to use restricted protocols for active content - Prompt (minimum)
Open files based on content, not file extension - Enable
Submit non-encrypted form data - Prompt (minimum)

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Security_HKLM_only is missing.
Key: Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Setting: Submit non-encrypted form data
User: Domain_Administrator VAL: Enabled
HKLM\Software\Microsoft\Internet Explorer Version exists.
Expand Severity Title Port/Service
3
Microsoft Internet Explorer 9 "Iedvtool.dll" Malformed HTML Denial of Service - Zero Day
 
QID:
100106
Category:
Internet Explorer
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
49165
Service Modified:
08/17/2011
User Modified:
-
Edited:
No
PCI Vuln:
No
CVSS Base:
6.8[1]
CVSS Temporal:
5.8
THREAT:
Microsoft Internet Explorer is a browser available for multiple platforms.

The browser is exposed to a remote denial of service issue. This issue occurs because of a NULL pointer dereference error in the "Iedvtool.dll" file when parsing malformed HTML pages.

Affected Versions:
The issue is confirmed in Internet Explorer 9.

IMPACT:
Successfully exploiting this vulnerability can cause a denial of service.
SOLUTION:
There are no vendor-supplied patches available at this time.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\SOFTWARE\Microsoft\Internet Explorer Version = 9.0.8112.16421
Expand Severity Title Port/Service
3
Microsoft Internet Explorer Mouse Tracking Events Design Error Vulnerability
 
QID:
100131
Category:
Internet Explorer
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
56921
Service Modified:
01/18/2013
User Modified:
-
Edited:
No
PCI Vuln:
Yes
CVSS Base:
4.3[1]
CVSS Temporal:
3.7
THREAT:
Microsoft Internet Explorer is a Web browser for Microsoft Windows.

Internet Explorer is exposed to an information disclosure vulnerability.

Affected Versions:
Internet Explorer 6 through 10.

IMPACT:
If this vulnerability is successfully exploited, attackers can monitor the position of the mouse even when the browser window is minimized or out of focus.
SOLUTION:
There are no vendor supplied patches available at this time.

Workaround:
Use a different browser than Internet Explorer until a patch becomes available.

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\SOFTWARE\Microsoft\Internet Explorer Version = 9.0.8112.16421
Microsoft Internet Explorer Mouse Tracking Events Design Error Vulnerability
Expand Severity Title Port/Service
3
Microsoft Internet Explorer Stack Exhaustion Denial of Service Vulnerability
 
QID:
100132
Category:
Internet Explorer
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
08/21/2013
User Modified:
01/03/2013
Edited:
Yes
PCI Vuln:
No
CVSS Base:
4.3[1]
CVSS Temporal:
3.7
THREAT:
Internet Explorer is a graphical web browser developed by Microsoft and included as part of the Microsoft Windows operating systems.

Microsoft Internet Explorer is vulnerable to a stack exhaustion condition that could allow an unauthenticated, remote attacker to cause a denial of service on a targeted system. The attacker could entice the targeted user into visiting a malicious webpage or following a crafted link.

Since this is a stack exhaustion condition, this vulnerability may not be typically exploited for code execution. Internet Explorer 10 is not vulnerable to this issue. More details about the vulnerability can be found at this link.

Affected Software:
Microsoft Internet Explorer versions 9 and 8.

IMPACT:
An unauthenticated remote attacker could exploit this vulnerability to cause a denial of service on the targeted system.

SOLUTION:
Microsoft has not confirmed this vulnerability and updated software is not available.

Workaround:
Users are advised to observe caution when following links and content from untrusted sources.
Users may consider upgrading to Internet Explorer version 10 on compatible systems.

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
%ProgramFiles%\Internet Explorer\iexplore.exe File Version is 9.0.8112.16470
HKLM\SOFTWARE\Microsoft\Internet Explorer Version = 9.0.8112.16421
Expand Severity Title Port/Service
3
EOL/Obsolete Software: Oracle Java SE/JRE/JDK 6/1.6 Detected
 
QID:
105490
Category:
Security Policy
CVE ID:
-
Vendor Reference
Oracle Java SE Support Roadmap
Bugtraq ID:
-
Service Modified:
05/22/2013
User Modified:
07/23/2013
Edited:
Yes
PCI Vuln:
Yes
CVSS Base:
9.3[1]
CVSS Temporal:
6.9
THREAT:
Java Platform, Standard Edition (Java SE) lets you develop and deploy Java applications on desktops, servers, and embedded environments, while offering user interface, performance, versatility, portability, and security that applications require. Java Runtime Environment (JRE) allows you to run Java applications and applets. To develop Java applications and applets, you need the Java Development Kit (JDK), which includes the JRE.

Starting March 2013, Oracle will no longer post updates of Java SE 6/1.6 to its public download sites as it has reached end of life support. Existing Java SE 6/1.6 downloads already posted as of February 2013 will remain accessible in the Java Archive on Oracle Technology Network.

Developers and end-users are encouraged to update to more recent Java SE versions that remain available for public download.

THREAT COMMENTS:
VPR has dropped to level 3. Review monthly for relevance to your environment. Move to 7 if you can do that and still meet your business needs.
IMPACT:
The system is at high risk of being exposed to security vulnerabilities. Since the vendor no longer provides updates, obsolete software is highly prone to vulnerabilities.

SOLUTION:
Users are advised to update to latest Java SE versions from the Java SE Downloads webpage.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

Java SE Downloads: Windows

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
C:\Program Files (x86)\Java\jre6\bin\client\jvm.dll product version is 6.0.430.1
Expand Severity Title Port/Service
3
Microsoft Windows "RunAs" Password Length Local Information Disclosure - Zero Day
 
QID:
116157
Category:
Local
CVE ID:
CVE-2009-0320
Vendor Reference
-
Bugtraq ID:
33440
Service Modified:
09/04/2009
User Modified:
-
Edited:
No
PCI Vuln:
Yes
CVSS Base:
4
CVSS Temporal:
3.4
THREAT:
RunAs is a service component for Windows, which can be used to execute a second application as a different user, generally for performing privileged operations.

RunAs is prone to a local password disclosure vulnerability that allows a malicious user to guess the password length when "runas.exe" is used to launch an application under another user's privilege. When the application prompts the current user for the password of the specified user, a local attacker can monitor the "I/O Other Bytes" performance of the application to determine the length of the submitted password.

IMPACT:
If this vulnerability is successfully exploited, it allows an attacker to easily discriminate between strong and weak passwords as well as gain information about user passwords. This sensitive information can aid in password brute-force attempts and dictionary attacks.
SOLUTION:
There are no vendor-supplied patches available at this time. This detection will be updated when Microsoft releases a patch for the issue.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
%windir%\System32\runas.exe found
Expand Severity Title Port/Service
3
Hotfix KB2264107 (DLL hijacking) Not Installed / Not Configured
 
QID:
118423
Category:
Local
CVE ID:
-
Vendor Reference
KB2269637
Bugtraq ID:
-
Service Modified:
02/22/2011
User Modified:
-
Edited:
No
PCI Vuln:
Yes
CVSS Base:
9.3[1]
CVSS Temporal:
7.3
THREAT:
Microsoft Windows is prone to a design error vulnerability. The vulnerability lies in the manner in which Windows, while executing third-party applications, loads and executes DLL files. The vulnerability is related to the search order followed by the OS when loading an executable. This leads to a class of attacks popularly called "remote binary planting."

Affected Software:
Windows XP, 2003 Server, Windows Vista, Windows Server 2008 and Windows 7 are reported to be vulnerable.

IMPACT:
If this vulnerability is successfully exploited, an attacker can execute arbitrary code. The attacker can also cause a denial of service.
SOLUTION:
Refer to KB2264107 for further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

KB2264107: Windows XP Professional 32-Bit Edition

KB2264107: Windows XP Professional 64-Bit Edition

KB2264107: Windows 2003 32-Bit Edition

KB2264107: Windows Server 2003 64-Bit Edition

KB2264107: Windows Server 2003 with SP2 for Itanium-based Systems

KB2264107: Windows Vista 32-Bit

KB2264107: Windows Vista x64 Edition

KB2264107: Windows Server 2008 for 32-bit Systems

KB2264107: Windows Server 2008 for x64-based Systems

KB2264107: Windows Server 2008 for Itanium-based Systems

KB2264107: Windows 7 for 32-bit Systems

KB2264107: Windows 7 for x64-based Systems

KB2264107: Windows Server 2008 R2 for x64-based Systems

KB2264107: Windows Server 2008 R2 for Itanium-based Systems

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Hotfix KB2264107 is installed, but CWDIllegalInDllSearch registry entry has not been configured properly
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager CWDIllegalInDllSearch is missing.
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager CWDIllegalInDllSearch is missing.
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager CWDIllegalInDllSearch is missing.
Expand Severity Title Port/Service
2
Global User List
 
QID:
45002
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
04/08/2009
User Modified:
-
Edited:
No
PCI Vuln:
Yes
CVSS Base:
5[1]
CVSS Temporal:
4.7
THREAT:
This is the global system user list, which was retrieved during the scan by exploiting one or more vulnerabilities. The Qualys IDs for the vulnerabilities leading to the disclosure of these users are also given in the Result section. Each user will be displayed only once, even though it may be obtained by using different methods.
IMPACT:
These common account(s) can be used by a malicious user to break into the system via password brute forcing.
SOLUTION:
To prevent your host from being attacked, do one or more of the following:
  • Remove (or rename) unnecessary accounts
  • Shut down unnecessary network services
  • Ensure the passwords to these accounts are kept secret
  • Use a firewall to restrict access to your hosts from unauthorized domains
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
User Name     Source Vulnerability (QualysID)
sop.admin     45032
sop.guest     90266, 45027, 45031
Expand Severity Title Port/Service
2
NetBIOS Name Accessible
 
QID:
70000
Category:
SMB / NETBIOS
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
04/28/2009
User Modified:
-
Edited:
No
PCI Vuln:
No
CVSS Base:
0[1]
CVSS Temporal:
0
THREAT:
Unauthorized users can obtain this host's NetBIOS server name from a remote system.
IMPACT:
Unauthorized users can obtain the list of NetBIOS servers on your network. This list outlines trust relationships between server and client computers. Unauthorized users can therefore use a vulnerable host to penetrate secure servers.
SOLUTION:
If the NetBIOS service is not required on this host, disable it. Otherwise, block any NetBIOS traffic at your network boundaries.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
SOP-TS2
Expand Severity Title Port/Service
2
Microsoft Internet Explorer Cache Objects History Enumeration Vulnerability - Zero Day
 
QID:
100112
Category:
Internet Explorer
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
50918
Service Modified:
12/06/2011
User Modified:
-
Edited:
No
PCI Vuln:
Yes
CVSS Base:
6.8[1]
CVSS Temporal:
5.8
THREAT:
A vulnerability in Microsoft Internet Explorer, caused by an error when handling cache objects, can be exploited to enumerate visited sites.
Affected Versions:
Microsoft Internet Explorer 6, 7, 8, and 9.

IMPACT:
An attacker can exploit this issue by enticing an unsuspecting victim to view a malicious webpage.
SOLUTION:
There are no vendor-supplied patches available at this time.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\SOFTWARE\Microsoft\Internet Explorer Version = 9.0.8112.16421
Microsoft Internet Explorer Cache Objects information-disclosure Vulnerability.
Expand Severity Title Port/Service
2
SSL Certificate - Signature Verification Failed Vulnerability port 27599/tcp over SSL
 
QID:
38173
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/22/2009
User Modified:
-
Edited:
No
PCI Vuln:
Yes
CVSS Base:
9.4[1]
CVSS Temporal:
6.9
THREAT:
An SSL Certificate associates an entity (person, organization, host, etc.) with a Public Key. In an SSL connection, the client authenticates the remote server using the server's Certificate and extracts the Public Key in the Certificate to establish the secure connection. The authentication is done by verifying that the public key in the certificate is signed by a trusted third-party Certificate Authority.

If a client is unable to verify the certificate, it can abort communication or prompt the user to continue the communication without authentication.

IMPACT:
By exploiting this vulnerability, man-in-the-middle attacks in tandem with DNS cache poisoning can occur.

Exception:
If the server communicates only with a restricted set of clients who have the server certificate or the trusted CA certificate, then the server or CA certificate may not be available publicly, and the scan will be unable to verify the signature.

SOLUTION:
Please install a server certificate signed by a trusted third-party Certificate Authority.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Certificate #0 CN=SOP-TS2.ad.unc.edu unable to get local issuer certificate
Expand Severity Title Port/Service
2
Windows User Accounts With Unchanged Passwords
 
QID:
105236
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/11/2009
User Modified:
-
Edited:
No
PCI Vuln:
No
CVSS Base:
0[1]
CVSS Temporal:
0
THREAT:
The target Microsoft Windows system has some user accounts with passwords which have never changed. This may include any disabled accounts that you may have.
IMPACT:
N/A
SOLUTION:
Please check if this adheres to your security policy and remove unwanted accounts.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
sop.guest
Expand Severity Title Port/Service
1
Windows Registry Setting To Globally Prevent Socket Hijacking Missing
 
QID:
90213
Category:
Windows
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
06/16/2009
User Modified:
-
Edited:
No
PCI Vuln:
No
CVSS Base:
2.1[1]
CVSS Temporal:
1.5
THREAT:
Microsoft Windows since Windows NT is vulnerable to socket hijacking. This is because the operating system does not implement the concept of privileged listener ports. So any unprivileged user process can listen on sub-1024 port numbers. If a privileged server process is listening on such a port already, there's a possibility for the unprivileged process to hijack the socket by collecting all data meant for the privileged process.

This issue arises when the first server socket binds to a port (privileged or otherwise) but specifies "INADDR_ANY" or "0.0.0.0" as the IP address to bind on. This allows the server to receive packets arriving on that port on any interface configured with a public IP address. This configuration is typical on a multihomed/multi-NIC machine set up as a server (or when the IP address might change in the future). However, if another rogue socket binds to the same port (using "SO_REUSEADDR") on a more specific IP address (instead of INADDR_ANY) of one of the interfaces, the network stack hands packets arriving on that port to the more specifically bound socket.

As a solution, Microsoft provided the SO_EXCLUSIVEADDRUSE Option, a socket option to be used by sockets before binding, to prevent this issue. However, using the SO_EXCLUSIVEADDRUSE option may not be possible for administrators with server applications coded prior to this solution, or which are closed source binaries that can't be fixed to implement this. This socket option has been provided for all Windows versions starting from Windows NT 4.0 Service Pack 4 and onwards.

IMPACT:
If this registry setting is missing, in the absence of a SO_EXCLUSIVEADDRUSE check on a listening privileged socket, local unprivileged users can easily hijack the socket and intercept all data meant for the privileged process.
SOLUTION:
As a workaround, Microsoft provides a registry setting that will globally (system-wide) prevent all sockets from reusing any port that is already in use. This is done by setting to 1 the "DisableAddressSharing" value of the "HKLM\System\CurrentControlSet\Services\Afd\Parameters" key. (Reboot required for the setting to take effect).

The administrator should first confirm that disallowing socket reuse globally does not break the functionality/correctness of existing legitimate servers on the system. If it's safe, the setting described above should be used to apply this security measure.

Please refer to Microsoft article on SO_EXCLUSIVEADDRUSE before implementing this feature.

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\SYSTEM\CurrentControlSet\Services\Afd\Parameters DisableAddressSharing is missing.
Expand Severity Title Port/Service
3
Remote Access or Management Service Detected
QID:
42017
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
10/17/2011
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
A remote access or remote management service was detected. If such a service is accessible to malicious users, it can be used to carry out different types of attacks. Malicious users could try to brute force credentials or collect additional information on the service which could help them craft further attacks.

The Results section includes information on the remote access service that was found on the target.

Services like Telnet, Rlogin, SSH, Windows Remote Desktop, pcAnywhere, Citrix Management Console, Remote Admin (RAdmin), VNC, OpenVPN and ISAKMP are checked.

IMPACT:
Consequences vary by the type of attack.
SOLUTION:
Expose the remote access or remote management services only to the system administrators or intended users of the system.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Service name: ISAKMP on UDP port 500.
Expand Severity Title Port/Service
3
Accounts Enumerated From SAM Database Whose Passwords Do Not Expire
QID:
45031
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
08/30/2004
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The Security Accounts Manager holds user and machine account information. The scanner found at least one user or machine account in the SAM database for the target Windows machine whose password does not expire. The accounts are listed in the Result section.
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
User/Machine Accounts With Passwords That Do Not Expire:
sop.guest
Expand Severity Title Port/Service
3
NetBIOS Bindings Information
QID:
70004
Category:
SMB / NETBIOS
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/09/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The following bindings were detected on this computer. Bindings have many purposes. They reflect such things as users logged-in, registration of a user name, registration of a service in a domain, and registering of a NetBIOS name.
IMPACT:
Unauthorized users can use this information in further attacks against the host. A list of logged-in users on the target host/network can potentially be used to launch social engineering attacks.
SOLUTION:
This service uses the UDP and TCP port 137. Typically, this port should not be accessible to external networks, and should be firewalled.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Name | Service | NetBIOS Suffix
SOP-TS2 | Workstation Service | 0x0
AD | Domain Name | 0x0
SOP-TS2 | File Server Service | 0x20
Expand Severity Title Port/Service
3
NetBIOS Shared Folders
QID:
70030
Category:
SMB / NETBIOS
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
10/29/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The following NetBIOS shared folders have been detected.
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Device Name | Comment | Type | Label | Size | Description
ADMIN$ | Remote Admin | -2147483648 | | 39 GB | Disk (mounted)
C$ | Default share | -2147483648 | | |
IPC$ | Remote IPC | -2147483645 | | |
MTATempStore$ | | 0 | | |
Expand Severity Title Port/Service
3
Microsoft Windows Socket Parameters, TCP/IP Hardening Guidelines
QID:
90127
Category:
Windows
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
06/29/2004
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Windows Socket (Winsock) parameters at the target are enumerated and compared against the protection levels recommended in TCP/IP hardening guidelines from Microsoft.
IMPACT:
Depending on the services hosted by the target, it may be subject to denial of service attacks.
SOLUTION:
You can secure the TCP/IP stack for Windows Sockets (Winsock) applications such as FTP servers and Web servers. The driver Afd.sys is responsible for connection attempts to Winsock applications. Afd.sys has been modified in Windows 2000, Windows 2003, and Windows XP to support large numbers of connections in the half-open state without denying access to legitimate clients. Afd.sys can use dynamic backlog, which is configurable, rather than a static backlog.

You can configure four parameters for the dynamic backlog:

EnableDynamicBacklog: Switches between using a static backlog and a dynamic backlog. By default, this parameter is set to 0, which enables the static backlog. You should enable the dynamic backlog for better security on Winsock.

MinimumDynamicBacklog: Controls the minimum number of free connections allowed on a listening Winsock endpoint. If the number of free connections drops below this value, a thread is queued to create additional free connections. Making this value too large (setting it to a number greater than 100) will degrade the performance of the computer.

MaximumDynamicBacklog: Controls the maximum number of half-open and free connections to Winsock endpoints. If this value is reached, no additional free connections will be made.

DynamicBacklogGrowthDelta: Controls the number of Winsock endpoints in each allocation pool requested by the computer. Setting this value too high can cause system resources to be unnecessarily occupied.

Each of these values must be added to this registry key:
HKLM\System\CurrentControlSet\Services\AFD\Parameters

The recommended levels of protection for these parameters are indicated below.
DynamicBacklogGrowthDelta: 10
EnableDynamicBacklog: 1
MinimumDynamicBacklog: 20
MaximumDynamicBacklog: 20,000

Refer to the Microsoft Security Topics document called Hardening Systems and Servers: Checklists and Guides for a detailed description of these parameters and other impacts these might have before deploying these settings.

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
EnableDynamicBacklog | Recommended: 1 | Actual: Missing
MinimumDynamicBacklog | Recommended: 20 | Actual: Missing
MaximumDynamicBacklog | Recommended: 20,000 | Actual: Missing
DynamicBacklogGrowthDelta | Recommended: 10 | Actual: Missing
Expand Severity Title Port/Service
3
Microsoft Windows TCP Parameters, TCP/IP Hardening Guidelines
QID:
90128
Category:
Windows
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
11/16/2004
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The target Windows system TCP/IP parameters are enumerated and compared against TCP/IP hardening guidelines from Microsoft.

To help prevent denial of service attacks, you can harden the TCP/IP protocol stack on Windows 2000/2003 and Windows XP computers. You should harden the TCP/IP stack against denial of service attacks, even on internal networks, to prevent denial of service attacks that originate from inside the network as well as on computers attached to public networks.

You can harden the TCP/IP stack on a Windows 2000/2003 or Windows XP computer by customizing these registry values, which are stored in the registry key:
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\

IMPACT:
Depending on the role played by the target, it may be subject to denial of service and other TCP level attacks.
SOLUTION:
EnablePMTUDiscovery: Determines whether path MTU discovery is enabled (1), in which case TCP attempts to discover the largest packet size over the path to a remote host. When path MTU discovery is disabled (0), the path MTU for all TCP connections will be fixed at 576 bytes.

DisableIPSourceRouting: Determines whether a computer allows clients to predetermine the route that packets take to their destination. When this value is set to 2, the computer will disable source routing for IP packets.

NoNameReleaseOnDemand: Determines whether the computer will release its NetBIOS name if requested by another computer or a malicious packet attempting to hijack the computer's NetBIOS name. This is configured under HKLM\System\CurrentControlSet\Services\Netbt\Parameters

PerformRouterDiscovery: Determines whether the computer performs router discovery on this interface. Router discovery solicits router information from the network and adds the information retrieved to the route table. Setting this value to 0 will prevent the interface from performing router discovery.

EnableDeadGWDetect: Determines whether the computer will attempt to detect dead gateways. When dead gateway detection is enabled (by setting this value to 1), TCP might ask IP to change to a backup gateway if a number of connections are experiencing difficulty. Backup gateways are defined in the TCP/IP configuration dialog box in the Network Control Panel for each adapter. When you leave this setting enabled, it's possible for an attacker to redirect the server to a gateway of his choosing.

EnableICMPRedirect: When ICMP redirects are disabled (by setting the value to 0), attackers cannot carry out attacks that require a host to redirect the ICMP-based attack to a third party.

SynAttackProtect: Enables SYN flood protection in Windows 2000 and Windows XP. You can set this value to 0, 1, or 2. The default setting 0 provides no protection. Setting the value to 1 will activate SYN/ACK protection contained in the TCPMaxPortsExhausted, TCPMaxHalfOpen, and TCPMaxHalfOpenRetried values. Setting the value to 2 will protect against SYN/ACK attacks by more aggressively timing out open and half-open connections. For Windows 2003, the recommended value is 1.

TCPMaxConnectResponseRetransmissions: Determines how many times TCP retransmits an unanswered SYN/ACK message. TCP retransmits acknowledgments until the number of retransmissions specified by this value is reached.

TCPMaxHalfOpen: Determines how many connections the server can maintain in the half-open state before TCP/IP initiates SYN flooding attack protection. This entry is used only when SYN flooding attack protection is enabled on this server, that is when the value of the SynAttackProtect entry is 1 or 2 and the value of the TCPMaxConnectResponseRetransmissions entry is at least 2.

TCPMaxHalfOpenRetried: Determines how many connections the server can maintain in the half-open state even after a connection request has been retransmitted. If the number of connections exceeds the value of this entry, TCP/IP initiates SYN flooding attack protection. This entry is used only when SYN flooding attack protection is enabled on this server, that is when the value of the SynAttackProtect entry is 1 and the value of the TCPMaxConnectResponseRetransmissions entry is at least 2.

Refer to the Microsoft Security Topics document called Hardening Systems and Servers: Checklists and Guides for a detailed description of these parameters and other impacts these might have before deploying these settings.

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
EnableICMPRedirect | Recommended: 0 | Actual: 0
SynAttackProtect | Recommended: 2 | Actual: 1
TCPMaxConnectResponseRetransmissions | Recommended: 2 | Actual: 2
TCPMaxHalfOpen | Recommended: 500 | Actual: Missing
TCPMaxHalfOpenRetried | Recommended: 400 | Actual: Missing
TCPMaxPortsExhausted | Recommended: 5 | Actual: Missing
TCPMaxDataRetransmissions | Recommended: 3 | Actual: 3
EnableDeadGWDetect | Recommended: 0 | Actual: 0
EnablePMTUDiscovery | Recommended: 0 | Actual: Missing
DisableIPSourceRouting | Recommended: 2 | Actual: 2
NoNameReleaseOnDemand | Recommended: 1 | Actual: 1
PerformRouterDiscovery | Recommended: 0 | Actual: 0
Expand Severity Title Port/Service
3
BHOs Detected
QID:
90139
Category:
Windows
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
08/12/2004
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
A Browser Helper Object (BHO) is a special type of add-in for Microsoft Internet Explorer (IE). A BHO tightly integrates with IE to customize and control the browser application. When IE starts, it scans the registry to create BHOs. Created BHOs have access to all the events and properties of the current browsing session. BHOs can be manually searched using "regedit.exe". For example, Adobe Acrobat installs a BHO and adds it to the registry as described below.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

where {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} is the UUID of the BHO, and InprocServer32 in HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\InprocServer32 specifies the file path of the BHO. In this example, it is "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx". Your system might have a different path.

The following Browser Helper Objects have been found on your system.

IMPACT:
A maliciously designed BHO, probably installed by Trojans, could potentially snatch data from your online session, including your user name and passwords entered into forms on Web pages, and send it anywhere.
SOLUTION:
You can manually delete registry entries to disable unwanted BHOs, but this might create problems. It is highly recommended to use your antivirus software and tools such as BHOcop.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Browser Helper Objects
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} | C:\PROGRA~1\Microsoft Office\Office14\GROOVEEX.DLL
{B4F3A835-0E21-4959-BA22-42B3008E02FF} | C:\PROGRA~1\Microsoft Office\Office14\URLREDIR.DLL
{DBC80044-A445-435b-BC74-9C25C1C588A9} | C:\Program Files\Java\jre6\bin\jp2ssv.dll
Expand Severity Title Port/Service
3
Hotfix KB2264107 (DLL hijacking) Installed
QID:
90634
Category:
Windows
CVE ID:
-
Vendor Reference
KB2264107
Bugtraq ID:
-
Service Modified:
08/31/2010
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
A new CWDIllegalInDllSearch registry entry is available to control the DLL search path algorithm. The DLL search path algorithm is used by the LoadLibrary API and the LoadLibraryEx API when DLLs are loaded without specifying a fully qualified path.

Refer to Microsoft KB article 2264107 to obtain additional details.

IMPACT:
Successfully exploiting these vulnerabilities might allow a remote user to cause denial of service or bypass some security restrictions to access some files.
SOLUTION:
Refer to KB2264107 for further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

KB2264107: Windows XP 32 bit Edition

KB2264107: Windows XP 64 bit Edition

KB2264107: Windows Server 2003 - 32 bit

KB2264107: Windows Server 2003 - 64 bit

KB2264107: Windows Vista - 32 bit

KB2264107: Windows Vista - 64 bit

KB2264107: Windows 2008-32 bit

KB2264107: Windows 2008-64 Bit

KB2264107: Windows Server 2008 R2 for Itanium-based Systems

KB2264107: Windows Server 2008 R2 for x64-based Systems

KB2264107: Windows 7 for 32-bit Systems

KB2264107: Windows 7 for 64-bit Systems

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Hotfix KB2264107 is installed
Expand Severity Title Port/Service
3
SAMR Pipe Permissions Enumerated
QID:
105237
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
09/23/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The account permissions for the SAMR pipe are enumerated from the target Microsoft Windows system.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
\SAMR Everyone 0 access_allowed write_attributes write_data read_attributes write_extended_attributes standard_read read_extended_attributes read_data
\SAMR AnonymousLogon 7 access_allowed write_attributes write_data read_attributes write_extended_attributes standard_read read_extended_attributes read_data
\SAMR Administrators 544 access_allowed read_data delete_child standard_read write_extended_attributes read_attributes write_attributes standard_delete write_data execute append_data read_extended_attributes standard_write_dac standard_write_owner
Expand Severity Title Port/Service
3
Antivirus Product Detected on Windows Host
QID:
105327
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
10/16/2009
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
One or more of the following Windows Antivirus products were detected on the host:

AVG Antivirus
CA eTrust Antivirus
F-Secure Antivirus
Kaspersky Antivirus
McAfee Antivirus
Network Associates Antivirus
Sophos Antivirus Scanner
Symantec Norton Antivirus Corporate Edition
Symantec Norton Antivirus Personal Edition
Symantec Endpoint Protection
TrendMicro Antivirus
ESET Antivirus Scanner
Microsoft Windows Defender
Clam Antivirus

IMPACT:
n/a
SOLUTION:
n/a
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\SOFTWARE\Microsoft\Windows Defender exists
Windows Defender Installed
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\\Rtvscan.exe found
Symantec x64 Scanner Installed
Expand Severity Title Port/Service
2
Operating System Detected
QID:
45017
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
02/09/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Several different techniques can be used to identify the operating system (OS) running on a host. A short description of these techniques is provided below. The specific technique used to identify the OS on this host is included in the RESULTS section of your report.

1) TCP/IP Fingerprint: The operating system of a host can be identified from a remote system using TCP/IP fingerprinting. All underlying operating system TCP/IP stacks have subtle differences that can be seen in their responses to specially-crafted TCP packets. According to the results of this "fingerprinting" technique, the OS version is among those listed below.

Note that if one or more of these subtle differences are modified by a firewall or a packet filtering device between the scanner and the host, the fingerprinting technique may fail. Consequently, the version of the OS may not be detected correctly. If the host is behind a proxy-type firewall, the version of the operating system detected may be that for the firewall instead of for the host being scanned.

2) NetBIOS: Short for Network Basic Input Output System, an application programming interface (API) that augments the DOS BIOS by adding special functions for local-area networks (LANs). Almost all LANs for PCs are based on the NetBIOS. Some LAN manufacturers have even extended it, adding additional network capabilities. NetBIOS relies on a message format called Server Message Block (SMB).

3) PHP Info: PHP is a hypertext pre-processor, an open-source, server-side, HTML-embedded scripting language used to create dynamic Web pages. Under some configurations it is possible to call PHP functions like phpinfo() and obtain operating system information.

4) SNMP: The Simple Network Monitoring Protocol is used to monitor hosts, routers, and the networks to which they attach. The SNMP service maintains a Management Information Base (MIB), a set of variables (database) that can be fetched by Managers. These include "MIB_II.system.sysDescr" for the operating system.

IMPACT:
Not applicable.
SOLUTION:
Not applicable.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Operating System | Technique | ID
Windows Server 2008 R2 Enterprise 64 bit Edition Service Pack 1 | Windows Registry |
Windows 2008/7 | NTLMSSP |
Windows Vista / Windows 2008 / Windows 7 / Windows 2012 | TCP/IP Fingerprint | U3414:135
Cisco VPN 3000 Concentrator | IKE FINGERPRINTING |
Windows Server 2008 R2 Enterprise 7601 Service Pack 1/Windows Server 2008 R2 Enterprise 6.1 | CIFS via TCP Port 445 |
cpe:/o:microsoft:windows server 2008:r2:sp1:enterprise x64: | CPE |
Expand Severity Title Port/Service
2
Windows Effective Password Policy Information Gathering Via SAM Database
QID:
45026
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
07/29/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
This check probes the SAM database on the target host for password policy information. Information gathered is:

Minimum Password Age in Days
Maximum Password Age in Days
Minimum Password Length in Characters
Password History (Number of old passwords remembered)

The policy is the effective policy, which is a combination of the local policy settings (if any) and the domain-wide policy settings made on the Domain Controller(s) for the domain.

This probe requires authentication to be successful.

IMPACT:
This password policy information may be used for auditing a Windows-based network for password policy compliance of its nodes. An attacker with a working account can use it to query the network and obtain information.
SOLUTION:
N/A
COMPLIANCE:
Type: CobIT
Section: DS5.4
Description: DS5.4 User Account Management Ensure that requesting, establishing, issuing, suspending, modifying and closing user accounts and related user privileges are addressed by user account management. An approval procedure outlining the data or system owner granting the access privileges should be included. These procedures should apply for all users, including administrators (privileged users), internal and external users, for normal and emergency cases. Rights and obligations relative to access to enterprise systems and information are contractually arranged for all types of users. Perform regular management review of all accounts and related privileges.

Type: GLBA
Section: N/A
Description: Ensure the confidentiality and protection of passwords through secure password creation and distribution mechanisms.

Type: HIPAA
Section: 164.308(a)(5)(ii)(D)
Description: Password management Procedures for creating, changing, and safeguarding passwords.

Type: SOX
Section: N/A
Description: User Access Management Granting resource access, user ID and password requirements, individual accountability, limited utilization of native administrative IDs, non-employee user ID expiration, reporting employee and contractor status changes. Operating System Access Control Password enforcement, logon information, password display and printing, required password changes, vendor default passwords, security changes after system compromise, systems software utility usage, automatic log off. Password Management Procedures exist that ensure the confidentiality and protection of passwords through secure password creation and distribution mechanisms, the enforcement and adherence to acceptable password standards, and the regular changing of passwords.

EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Effective Password Policy:

Mininum Password Length - 14 Characters.
Password History Length - 24 Passwords.
Minimum Password Age - 2 Days.
Maximum Password Age - 7 Days.
Password Complexity - Set.
Store Password Using Reversible Encryption - Not Set.
Expand Severity Title Port/Service
2
Windows Domain Effective Account Lockout Policy Information Gathered Via SAM Database
QID:
45028
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
12/30/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The Security and Accounts Manager (SAM) Database of any Windows host participating in a Windows Domain has information about the account lockout policy set on that system. Such information was gathered from the target and is shown in the Results section below.

It should be noted that if the Domain Controller/Active Directory on this domain enforces a policy as well, the Domain Controller policy will override the local policies (if any) of each host. Further, it takes up to a couple of minutes for changes on the Domain Controller policy to be propagated to all the individual hosts on that domain.

SOLUTION:
 
COMPLIANCE:
Type: CobIT
Section: DS5.4
Description: User Account Management Ensure that requesting, establishing, issuing, suspending, modifying and closing user accounts and related user privileges are addressed by user account management. An approval procedure outlining the data or system owner granting the access privileges should be included. These procedures should apply for all users, including administrators (privileged users), internal and external users, for normal and emergency cases. Rights and obligations relative to access to enterprise systems and information are contractually arranged for all types of users. Perform regular management review of all accounts and related privileges.

Type: GLBA
Section: N/A
Description: Ensure that accounts are locked after unsuccessful login attempts.

Type: HIPAA
Section: 164.312(a)(1)
Description: Standard: Access Control Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights as specified in 164.308(a)(4).

Type: SOX
Section: N/A
Description: Ensure that accounts are locked after unsuccessful login attempts and that failed login attempts are logged.

EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Effective Account Lockout Policy:

Maximum Failed Logon Attempts Before Lockout - 10 Attempts.
Lockout Logon-Attempts-Counter Duration - 15 Minutes.
Lockout Duration - 15 Minutes.
Expand Severity Title Port/Service
2
Microsoft .Net Framework Installed on Target Host
QID:
45178
Category:
Information gathering
CVE ID:
-
Vendor Reference
Microsoft .NET Framework
Bugtraq ID:
-
Service Modified:
03/07/2013
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Microsoft .NET Framework is a software framework for computers running Microsoft Windows operating systems.

Microsoft .NET Framework is installed on target host.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
.Net Framework | Version | Service Pack | Key
.Net Framework 2.0 x64 | 2.0.50727.5420 | 2 | HKLM\SOFTWARE\Microsoft\NET Framework Setup\NDP\v2.0.50727
.Net Framework 3.0 x64 | 3.0.30729.5420 | 2 | HKLM\SOFTWARE\Microsoft\NET Framework Setup\NDP\v3.0
.Net Framework 3.5 x64 | 3.5.30729.5420 | 1 | HKLM\SOFTWARE\Microsoft\NET Framework Setup\NDP\v3.5
.Net Framework 4.x Client Installation x64 | 4.0.30319 | - | HKLM\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Client
.Net Framework 4.x Full Installation x64 | 4.0.30319 | - | HKLM\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full
.Net Framework 2.0 x86 | 2.0.50727.5420 | 2 | HKLM\SOFTWARE\Wow6432Node\Microsoft\NET Framework Setup\NDP\v2.0.50727
.Net Framework 3.0 x86 | 3.0.30729.5420 | 2 | HKLM\SOFTWARE\Wow6432Node\Microsoft\NET Framework Setup\NDP\v3.0
.Net Framework 3.5 x86 | 3.5.30729.5420 | 1 | HKLM\SOFTWARE\Wow6432Node\Microsoft\NET Framework Setup\NDP\v3.5
.Net Framework 4.x Client Installation x86 | 4.0.30319 | - | HKLM\SOFTWARE\Wow6432Node\Microsoft\NET Framework Setup\NDP\v4\Client
.Net Framework 4.x Full Installation x86 | 4.0.30319 | - | HKLM\SOFTWARE\Wow6432Node\Microsoft\NET Framework Setup\NDP\v4\Full
Expand Severity Title Port/Service
2
Open DCE-RPC / MS-RPC Services List
QID:
70022
Category:
SMB / NETBIOS
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
06/06/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The following DCE-RPC / MS-RPC services are active on the remote host.
IMPACT:
N/A
SOLUTION:
Shut down any unknown or unused service on the list. In Windows, this is done in the "Services" Control Panel. In other environments, this usually requires editing a configuration file or start-up script. If you have provided Windows Authentication credentials, the Microsoft Registry service supporting the named pipe "\PIPE\winreg" must be present to allow CIFS to access the Registry.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Description | Version | TCP Ports | UDP Ports | HTTP Ports | NetBIOS/CIFS Pipes
DCE Endpoint Mapper | 3.0 | | | | \PIPE\epmapper
DCE Remote Management | 1.0 | | | | \PIPE\epmapper
DCOM OXID Resolver | 0.0 | | | | \PIPE\epmapper
DCOM Remote Activation | 0.0 | | | | \PIPE\epmapper
DCOM System Activator | 0.0 | | | | \PIPE\epmapper
Microsoft Event Log Service | 0.0 | | | | \PIPE\eventlog
Microsoft Local Security Architecture | 0.0 | | | | \PIPE\lsarpc
Microsoft Network Logon | 1.0 | | | | \PIPE\NETLOGON
Microsoft Registry | 1.0 | | | | \PIPE\winreg
Microsoft Scheduler Control Service | 1.0 | | | | \PIPE\atsvc
Microsoft Security Account Manager | 1.0 | 49154 | | | \PIPE\samr, \pipe\lsass
Microsoft Server Service | 3.0 | | | | \PIPE\srvsvc
Microsoft Service Control Service | 2.0 | 49188 | | | \PIPE\svcctl
Microsoft Task Scheduler | 1.0 | | | | \PIPE\atsvc
Microsoft Workstation Service | 1.0 | | | | \PIPE\wkssvc
WinHttp Auto-Proxy Service | 5.1 | | | | \PIPE\W32TIME_ALT
RPC ROUTER SERVICE | 1.0 | | | | \PIPE\ROUTER
(Unknown Service) | 1.0 | 49152 | | | \PIPE\InitShutdown
(Unknown Service) | 1.0 | | | | \PIPE\InitShutdown
DHCP Client LRPC Endpoint | 1.0 | 49153 | | | \pipe\eventlog
DHCPv6 Client LRPC Endpoint | 1.0 | 49153 | | | \pipe\eventlog
NRP server endpoint | 1.0 | 49153 | | | \pipe\eventlog
Event log TCPIP | 1.0 | 49153 | | | \pipe\eventlog
(Unknown Service) | 1.0 | 49155 | | | \PIPE\ROUTER, \PIPE\srvsvc, \PIPE\atsvc
Impl friendly name | 1.0 | 49155 | | | \PIPE\ROUTER, \PIPE\srvsvc, \PIPE\atsvc
XactSrv service | 1.0 | 49155 | | | \PIPE\atsvc
IP Transition Configuration endpoint | 1.0 | 49155 | | | \PIPE\atsvc
IKE/Authip API | 1.0 | 49155 | | | \PIPE\atsvc
(Unknown Service) | 1.0 | 49155 | | | \PIPE\atsvc
Unimodem LRPC Endpoint | 1.0 | | | | \pipe\tapsrv
Expand Severity Title Port/Service
2
Host Uptime Based on TCP TimeStamp Option
QID:
82063
Category:
TCP/IP
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/29/2007
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The TCP/IP stack on the host supports the TCP TimeStamp (kind 8) option. Typically the timestamp used is the host's uptime (since last reboot) in various units (e.g., one hundredth of second, one tenth of a second, etc.). Based on this, we can obtain the host's uptime. The result is given in the Result section below.

Some operating systems (e.g., MacOS, OpenBSD) use a non-zero, probably random, initial value for the timestamp. For these operating systems, the uptime obtained does not reflect the actual uptime of the host; the former is always larger than the latter.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Based on TCP timestamps obtained via port 135, the host's uptime is 3 days, 21 hours, and 35 minutes.
The TCP timestamps from the host are in units of 10 milliseconds.
Expand Severity Title Port/Service
2
Installed Applications Enumerated From Windows Installer
QID:
90235
Category:
Windows
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
07/14/2010
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The installed applications at the Windows host are listed. This test obtains this list by querying the registry keys corresponding to the Installer Database.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Key | Display Name | Display Version
Microsoft .NET Framework 4 Client Profile | Microsoft .NET Framework 4 Client Profile | 4.0.30319
Microsoft .NET Framework 4 Extended | Microsoft .NET Framework 4 Extended | 4.0.30319
{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 | 10.0.40219
{1F755486-ABCB-4418-A96B-4F7B4D32BD61} | Microsoft System Center 2012 - DPM Protection Agent | 4.0.1920.0
{350AA351-21FA-3270-8B7A-835434E766AD} | Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 | 9.0.21022
{4B6C7001-C7D6-3710-913E-5BC23FCE91E6} | Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 | 9.0.30729.4148
{5C75DA6D-F5E3-4D4B-A381-B52B8CA5B1CF} | Symantec Endpoint Protection | 11.0.7000.975
{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 | 9.0.30729.6161
{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} | Microsoft Silverlight | 5.1.20125.0
{8E34682C-8118-31F1-BC4C-98CD9675E1C2} | Microsoft .NET Framework 4 Extended | 4.0.30319
{90140000-002A-0000-1000-0000000FF1CE} | Microsoft Office Office 64-bit Components 2010 | 14.0.6029.1000
{90140000-002A-0409-1000-0000000FF1CE} | Microsoft Office Shared 64-bit MUI (English) 2010 | 14.0.6029.1000
{90140000-0116-0409-1000-0000000FF1CE} | Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 | 14.0.6029.1000
{95120000-00B9-0409-1000-0000000FF1CE} | Microsoft Application Error Reporting | 12.0.6015.5000
{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} | Microsoft Visual C++ 2005 Redistributable (x64) | 8.0.61000
{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} | Microsoft .NET Framework 4 Client Profile | 4.0.30319
Key | Display Name | Display Version
CitrixOnlinePluginPackWeb | Citrix online plug-in - web | 12.3.0.8
LiveUpdate | LiveUpdate 3.3 (Symantec Corporation) | 3.3.0.102
Office14.PROPLUS | Microsoft Office Professional Plus 2010 | 14.0.6029.1000
{133236FE-E2F7-4313-8BF8-A10ACAAA7CB9} | Citrix online plug-in (USB) | 12.3.0.8
{188BB63B-35C8-47EE-AEBF-5EA826CAA74D} | JMP 10 | 10.0.1
{26A24AE4-039D-4CA4-87B4-2F83216043FF} | Java(TM) 6 Update 43 | 6.0.430
{2FC7287D-39DD-4A84-9806-D27D3CCDC51B} | Citrix online plug-in (Web) | 12.3.0.8
{40526EAF-F385-42B5-B9FB-29723C2C4107} | JMP Profiler Core | 1.10.1
{4A03706F-666A-4037-7777-5F2748764D10} | Java Auto Updater | 2.1.9.0
{57287FDF-27E6-45BC-9DD2-A33545C46C1A} | Citrix online plug-in (HDX) | 12.3.0.8
{6F2FDD50-E0F3-4117-B575-78E77F8D11EF} | Citrix online plug-in (DV) | 12.3.0.8
{7102768D-57FD-455E-B5DC-A66FCB27D358} | JMP Profiler GUI | 1.10.1
{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | Microsoft Visual C++ 2005 Redistributable | 8.0.61001
{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871 | Update for Microsoft .NET Framework 4 Extended (KB2468871) | 1
{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2487367 | Security Update for Microsoft .NET Framework 4 Extended (KB2487367) | 1
{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523 | Update for Microsoft .NET Framework 4 Extended (KB2533523) | 1
{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217 | Update for Microsoft .NET Framework 4 Extended (KB2600217) | 1
{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2656351 | Security Update for Microsoft .NET Framework 4 Extended (KB2656351) | 1
{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2736428 | Security Update for Microsoft .NET Framework 4 Extended (KB2736428) | 1
{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2742595 | Security Update for Microsoft .NET Framework 4 Extended (KB2742595) | 1
{90140000-0011-0000-0000-0000000FF1CE} | Microsoft Office Professional Plus 2010 | 14.0.6029.1000
{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE} | Microsoft Office 2010 Service Pack 1 (SP1) | Not Found
{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{0690E5CB-319C-4FA5-8513-2E255BBB29B9} | Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition | Not Found
{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{07CA44F3-F5B3-4D12-8C91-EDC5FE91D45C} | Security Update for Microsoft Office 2010 (KB2553091) | Not Found
{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{10802A6D-EDBF-4383-BCBD-9D5B32F56D35} | Security Update for Microsoft Office 2010 (KB2553096) | Not Found
{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{14B7142F-D7E2-4FB0-9E3B-7CAA8D7FFC56} | Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition | Not Found
{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{18B3CF2A-73F7-4716-B1AE-86D68726D408} | Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition | Not Found
{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{1CBEDB37-C438-473F-8BA0-2535B0D237E2} | Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition | Not Found
{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{280E2D43-11CC-4ADE-A171-9286CCB5412B} | Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition | Not Found
{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23} | Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition | Not Found
{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4} | Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition | Not Found
{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5DA2D071-A54C-47C0-83E5-43C63DBFD936} | Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition | Not Found
{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{6B6DDDCE-B456-4FE1-9A07-DBC1708E4158} | Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition | Not Found
{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{73CC972E-6ABF-456B-9E1E-BADC0E65B57A} | Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition | Not Found
{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7AC49FC8-F8D2-4DD8-9086-09E52385A21F} | Update for Microsoft Office 2010 (KB2553092) | Not Found
{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9CFD026D-EB1C-48C2-9DD2-8E8875F251B2} | Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition | Not Found
{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9FD050BA-79BD-42A4-9E24-E8E13F1C775F} | Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition | Not Found
{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9FF4E0C9-11BB-4B32-AC5E-EAB896CB4216} | Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition | Not Found
{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{A5E549EB-FDD3-4CD1-8163-50D429A36516} | Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition | Not Found
{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{A8686D24-1E89-43A1-973E-05A258D2B3F8} | Update for Microsoft Office 2010 (KB2553065) | Not Found
{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B1FA5E8C-2342-45AF-8A62-5E860042F8DF} | Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition | Not Found
{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B5489515-6DD4-47A5-AE4E-64751D15F10E} | Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition | Not Found
{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F} | Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition | Not Found
{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{C7681269-D74B-4AFC-8623-231DD9E66259} | Security Update for Microsoft Visio 2010 (KB2760762) 32-Bit Edition | Not Found
{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{CC39BA1F-7A25-440C-86A7-77E35D8CC88C} | Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition | Not Found
{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{CCC48FE2-175F-4CDE-82DF-F7BC4672C1A3} | Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition | Not Found
{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{D267D0F7-9770-467D-ACF3-FB2F7E0AC532} | Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition | Not Found
{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DCE6D0BF-93E4-46C5-9A7C-F1EFF9707C02} | Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition | Not Found
{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6} | Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition | Not Found
{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFB525A0-E1C0-4E32-9968-FE401BC87363} | Update for Microsoft Office 2010 (KB2566458) | Not Found
{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F0CF1EB7-3E57-4F85-843F-B3C79088510D} | Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition | Not Found
{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1CBE095-403D-466D-BB13-B185A5F33231} | Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition | Not Found
{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F8243081-3FB0-4EE8-9B2A-6F7D70AF5269} | Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition | Not Found
{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{FDCB9E3E-FA40-40E9-AFF4-73BDE8E52205} | Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition | Not Found
{90140000-0015-0409-0000-0000000FF1CE} | Microsoft Office Access MUI (English) 2010 | 14.0.6029.1000
{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF} | Microsoft Office 2010 Service Pack 1 (SP1) | Not Found
{90140000-0016-0409-0000-0000000FF1CE} | Microsoft Office Excel MUI (English) 2010 | 14.0.6029.1000
{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF} | Microsoft Office 2010 Service Pack 1 (SP1) | Not Found
{90140000-0018-0409-0000-0000000FF1CE} | Microsoft Office PowerPoint MUI (English) 2010 | 14.0.6029.1000
{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF} | Microsoft Office 2010 Service Pack 1 (SP1) | Not Found
{90140000-0019-0409-0000-0000000FF1CE} | Microsoft Office Publisher MUI (English) 2010 | 14.0.6029.1000
{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF} | Microsoft Office 2010 Service Pack 1 (SP1) | Not Found
{90140000-001A-0409-0000-0000000FF1CE} | Microsoft Office Outlook MUI (English) 2010 | 14.0.6029.1000
{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{1EEFF749-6F29-4F0B-AB08-4C6EA52AA110} | Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition | Not Found
{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{47894754-0FEC-4920-9A65-6C1E732587AC} | Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition | Not Found
{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF} | Microsoft Office 2010 Service Pack 1 (SP1) | Not Found
{90140000-001B-0409-0000-0000000FF1CE} | Microsoft Office Word MUI (English) 2010 | 14.0.6029.1000
{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF} | Microsoft Office 2010 Service Pack 1 (SP1) | Not Found
{90140000-001F-0409-0000-0000000FF1CE} | Microsoft Office Proof (English) 2010 | 14.0.6029.1000
{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279} | Microsoft Office 2010 Service Pack 1 (SP1) | Not Found
{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{C4F26A9B-B121-4135-8084-A0D9C780C7C8} | Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition | Not Found
{90140000-001F-040C-0000-0000000FF1CE} | Microsoft Office Proof (French) 2010 | 14.0.6029.1000
{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{460FF681-BC66-4C38-99DF-7012E03F1EBA} | Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition | Not Found
{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6} | Microsoft Office 2010 Service Pack 1 (SP1) | Not Found
{90140000-001F-0C0A-0000-0000000FF1CE} | Microsoft Office Proof (Spanish) 2010 | 14.0.6029.1000
{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{C633216E-FF30-45B6-B2AB-21922A9353EF} | Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition | Not Found
{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998} | Microsoft Office 2010 Service Pack 1 (SP1) | Not Found
{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{1CBEDB37-C438-473F-8BA0-2535B0D237E2} | Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition | Not Found
{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{280E2D43-11CC-4ADE-A171-9286CCB5412B} | Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition | Not Found
{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{5DA2D071-A54C-47C0-83E5-43C63DBFD936} | Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition | Not Found
{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF} | Microsoft Office 2010 Service Pack 1 (SP1) | Not Found
{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F0CF1EB7-3E57-4F85-843F-B3C79088510D} | Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition | Not Found
{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979} | Microsoft Office 2010 Service Pack 1 (SP1) | Not Found
{90140000-002C-0409-0000-0000000FF1CE} | Microsoft Office Proofing (English) 2010 | 14.0.6029.1000
{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3} | Microsoft Office 2010 Service Pack 1 (SP1) | Not Found
{90140000-0044-0409-0000-0000000FF1CE} | Microsoft Office InfoPath MUI (English) 2010 | 14.0.6029.1000
{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF} | Microsoft Office 2010 Service Pack 1 (SP1) | Not Found
{90140000-006E-0409-0000-0000000FF1CE} | Microsoft Office Shared MUI (English) 2010 | 14.0.6029.1000
{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E} | Microsoft Office 2010 Service Pack 1 (SP1) | Not Found
{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{73E67A3A-8D61-44EF-90C2-1697C3DBE668} | Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition | Not Found
{90140000-00A1-0409-0000-0000000FF1CE} | Microsoft Office OneNote MUI (English) 2010 | 14.0.6029.1000
{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF} | Microsoft Office 2010 Service Pack 1 (SP1) | Not Found
{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{9865DC3A-2898-48D9-B96A-46397571C934} | Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition | Not Found
{90140000-00BA-0409-0000-0000000FF1CE} | Microsoft Office Groove MUI (English) 2010 | 14.0.6029.1000
{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF} | Microsoft Office 2010 Service Pack 1 (SP1) | Not Found
{90140000-0115-0409-0000-0000000FF1CE} | Microsoft Office Shared Setup Metadata MUI (English) 2010 | 14.0.6029.1000
{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E} | Microsoft Office 2010 Service Pack 1 (SP1) | Not Found
{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979} | Microsoft Office 2010 Service Pack 1 (SP1) | Not Found
{90140000-0117-0409-0000-0000000FF1CE} | Microsoft Office Access Setup Metadata MUI (English) 2010 | 14.0.6029.1000
{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF} | Microsoft Office 2010 Service Pack 1 (SP1) | Not Found
{9BE518E6-ECC6-35A9-88E4-87755C07200F} | Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 | 9.0.30729.6161
{bcd538f9-31bf-4730-920a-066a6f7fb10d} | SAS 9.3 | Not Found
{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 | 10.0.40219
{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871 | Update for Microsoft .NET Framework 4 Client Profile (KB2468871) | 1
{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523 | Update for Microsoft .NET Framework 4 Client Profile (KB2533523) | 1
{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217 | Update for Microsoft .NET Framework 4 Client Profile (KB2600217) | 1
{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2604121 | Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) | 1
{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656351 | Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) | 1
{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656368v2 | Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) | 2
{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656405 | Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) | 1
{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2686827 | Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) | 1
{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2729449 | Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) | 1
{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2736428 | Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) | 1
{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2737019 | Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) | 1
{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2742595 | Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) | 1
{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2789642 | Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) | 1
Expand Severity Title Port/Service
2
Real Name of Built-in Guest Account Enumerated
QID:
90266
Category:
Windows
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
08/30/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Microsoft best practices documents recommend renaming the built-in Guest account. This test enumerates the actual name of the built-in Guest account.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
sop.guest
Expand Severity Title Port/Service
2
Microsoft Windows Users With Privilege - Assign Primary Token Privilege
QID:
105099
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/25/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The SeAssignPrimaryTokenPrivilege setting at the host is enumerated. By default Local Service and Network Service have this privilege. Local System has the privilege inherently.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Type: CobIT
Section: DS5.4
Description: User Account Management. Ensure that requesting, establishing, issuing, suspending, modifying and closing user accounts and related user privileges are addressed by user account management. An approval procedure outlining the data or system owner granting the access privileges should be included. These procedures should apply for all users, including administrators (privileged users), internal and external users, for normal and emergency cases. Rights and obligations relative to access to enterprise systems and information are contractually arranged for all types of users. Perform regular management review of all accounts and related privileges.

EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Network_Service
Local_Service
Expand Severity Title Port/Service
2
Microsoft Windows Users With Privilege - Audit Privilege
QID:
105100
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/21/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The SeAuditPrivilege setting at the host is enumerated. By default Local Service and Network Service accounts have this privilege. Local System has the privilege inherently.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Network_Service
Local_Service
Expand Severity Title Port/Service
2
Microsoft Windows Users With Privilege - Backup Files and Directories
QID:
105101
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/21/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The SeBackupPrivilege setting allows the user to circumvent file and directory permissions to back up the system. The privilege is selected only when an application attempts access by using the NTFS backup application programming interface (API). Otherwise, normal file and directory permissions apply. By default administrators and backup operators have access.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Type: CobIT
Section: DS5.4
Description: User Account Management. Ensure that requesting, establishing, issuing, suspending, modifying and closing user accounts and related user privileges are addressed by user account management. An approval procedure outlining the data or system owner granting the access privileges should be included. These procedures should apply for all users, including administrators (privileged users), internal and external users, for normal and emergency cases. Rights and obligations relative to access to enterprise systems and information are contractually arranged for all types of users. Perform regular management review of all accounts and related privileges.

EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Administrators
Expand Severity Title Port/Service
2
Microsoft Windows Users With Privilege - Change Notify
QID:
105102
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/21/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Allows a user to pass through folders to which the user otherwise has no access while navigating an object path in the NTFS file system or in the registry. This privilege does not allow the user to list the contents of a folder; it allows the user only to traverse its directories. By default administrators, backup operators, power users, and users have this privilege.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Type: CobIT
Section: DS5.4
Description: User Account Management. Ensure that requesting, establishing, issuing, suspending, modifying and closing user accounts and related user privileges are addressed by user account management. An approval procedure outlining the data or system owner granting the access privileges should be included. These procedures should apply for all users, including administrators (privileged users), internal and external users, for normal and emergency cases. Rights and obligations relative to access to enterprise systems and information are contractually arranged for all types of users. Perform regular management review of all accounts and related privileges.

EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Administrators
Network_Service
Local_Service
Authenticated_Users
Expand Severity Title Port/Service
2
Microsoft Windows Users With Privilege - Create Global Objects
QID:
105103
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/21/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The SeCreateGlobalPrivilege setting at the host is enumerated. This privilege is required to create named file mapping objects in the global namespace during Terminal Services sessions. This privilege is enabled by default for administrators, services and the Local System account.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Type: CobIT
Section: DS5.9
Description: Malicious Software Prevention, Detection and Correction. Ensure that preventive, detective and corrective measures are in place (especially up-to-date security patches and virus control) across the organisation to protect information systems and technology from malware (viruses, worms, spyware, spam, internally developed fraudulent software, etc.).

EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Service_Logon
Administrators
Network_Service
Local_Service
Expand Severity Title Port/Service
2
Microsoft Windows Users With Privilege - Create Page File
QID:
105104
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/21/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The SeCreatePagefilePrivilege setting at the host is enumerated. This allows users to create and change the size of a page file. This is done by specifying a page file size for a particular drive in the "performance options" box on the Advanced tab of System Properties. By default administrators have this privilege.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Administrators
Expand Severity Title Port/Service
2
Microsoft Windows Users With Privilege - Delegation
QID:
105108
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/21/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The SeEnableDelegationPrivilege setting at the host is enumerated. This allows the user to change the Trusted for Delegation setting on a user or computer object in Active Directory.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Type: CobIT
Section: DS5.4
Description: User Account Management. Ensure that requesting, establishing, issuing, suspending, modifying and closing user accounts and related user privileges are addressed by user account management. An approval procedure outlining the data or system owner granting the access privileges should be included. These procedures should apply for all users, including administrators (privileged users), internal and external users, for normal and emergency cases. Rights and obligations relative to access to enterprise systems and information are contractually arranged for all types of users. Perform regular management review of all accounts and related privileges.

EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Administrators
Expand Severity Title Port/Service
2
Microsoft Windows Users With Privilege - Impersonate
QID:
105109
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/21/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The SeImpersonatePrivilege setting at the host is enumerated. This allows a user to impersonate a client after authentication.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Service_Logon
Administrators
Network_Service
Local_Service
Expand Severity Title Port/Service
2
Microsoft Windows Users With Privilege - Increase Base Priority
QID:
105110
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/21/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The SeIncreaseBasePriorityPrivilege setting at the host is enumerated. This allows a user to increase the base priority class of a process. By default administrators have this privilege.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Type: CobIT
Section: DS5.4
Description: User Account Management. Ensure that requesting, establishing, issuing, suspending, modifying and closing user accounts and related user privileges are addressed by user account management. An approval procedure outlining the data or system owner granting the access privileges should be included. These procedures should apply for all users, including administrators (privileged users), internal and external users, for normal and emergency cases. Rights and obligations relative to access to enterprise systems and information are contractually arranged for all types of users. Perform regular management review of all accounts and related privileges.

EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Administrators
Expand Severity Title Port/Service
2
Microsoft Windows Users With Privilege - Increase Quota
QID:
105111
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/21/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The SeIncreaseQuotaPrivilege setting at the host is enumerated. This allows a process that has access to a second process to increase the processor quota assigned to the second process. By default administrators, Local Service and Network Service have this privilege.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Administrators
Network_Service
Local_Service
Expand Severity Title Port/Service
2
Microsoft Windows Users With Privilege - Load Drivers
QID:
105112
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/21/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The SeLoadDriverPrivilege setting at the host is enumerated. This allows a user to load or unload a driver. By default administrators have this privilege.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Administrators
Expand Severity Title Port/Service
2
Microsoft Windows Users With Privilege - Profile Single Process
QID:
105114
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/21/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Allows a user to sample the performance of an application process. By default administrators and power users are vulnerable.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Type: CobIT
Section: DS5.4
Description: User Account Management. Ensure that requesting, establishing, issuing, suspending, modifying and closing user accounts and related user privileges are addressed by user account management. An approval procedure outlining the data or system owner granting the access privileges should be included. These procedures should apply for all users, including administrators (privileged users), internal and external users, for normal and emergency cases. Rights and obligations relative to access to enterprise systems and information are contractually arranged for all types of users. Perform regular management review of all accounts and related privileges.

EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Administrators
Expand Severity Title Port/Service
2
Microsoft Windows Users With Privilege - Remote Shutdown
QID:
105115
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/21/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The SeRemoteShutdownPrivilege setting at the host is enumerated. This allows users to shut down a system from a remote system.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Administrators
Expand Severity Title Port/Service
2
Microsoft Windows Users With Privilege - Restore
QID:
105116
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/21/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The SeRestorePrivilege setting at the host is enumerated. This allows a user to circumvent file and directory permissions when restoring backed-up files and directories, and to set any valid security principal as the owner of an object. By default administrators and backup operators have this privilege.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Type: CobIT
Section: DS5.4
Description: User Account Management. Ensure that requesting, establishing, issuing, suspending, modifying and closing user accounts and related user privileges are addressed by user account management. An approval procedure outlining the data or system owner granting the access privileges should be included. These procedures should apply for all users, including administrators (privileged users), internal and external users, for normal and emergency cases. Rights and obligations relative to access to enterprise systems and information are contractually arranged for all types of users. Perform regular management review of all accounts and related privileges.

EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Administrators
Severity:
2
Title:
Microsoft Windows Users With Privilege - Change Security Attributes
QID:
105117
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/21/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The SeSecurityPrivilege setting at the host is enumerated. This allows users to specify object access auditing options for individual resources such as files, Active Directory objects, and registry keys. By default administrators have this privilege.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Administrators
Severity:
2
Title:
Microsoft Windows Users With Privilege - Shutdown
QID:
105118
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/21/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The SeShutdownPrivilege setting at the host is enumerated. This allows a user to shut down a local computer. By default administrators, backup operators, power users and users have this privilege.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Administrators
Severity:
2
Title:
Microsoft Windows Users With Privilege - Manage Volumes
QID:
105119
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/21/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The SeManageVolumePrivilege setting at the host is enumerated. This allows a non-administrative or remote user to manage volumes or disks. By default administrators have this privilege.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Administrators
Severity:
2
Title:
Microsoft Windows Users With Privileges - Profile System
QID:
105122
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/21/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The SeSystemProfilePrivilege setting at the host is enumerated. This allows a user to sample the performance of system processes. By default administrators have this privilege.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Type: CobIT
Section: DS5.4
Description: User Account Management: Ensure that requesting, establishing, issuing, suspending, modifying and closing user accounts and related user privileges are addressed by user account management. An approval procedure outlining the data or system owner granting the access privileges should be included. These procedures should apply for all users, including administrators (privileged users), internal and external users, for normal and emergency cases. Rights and obligations relative to access to enterprise systems and information are contractually arranged for all types of users. Perform regular management review of all accounts and related privileges.

EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Administrators
Severity:
2
Title:
Microsoft Windows Users With Privileges - Modify System Time
QID:
105123
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
11/22/2006
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The SeSystemTimePrivilege setting at the host is enumerated. This allows a user to adjust the time on the computer's internal clock. By default administrators and power users have this privilege.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Type: CobIT
Section: DS5.4
Description: User Account Management: Ensure that requesting, establishing, issuing, suspending, modifying and closing user accounts and related user privileges are addressed by user account management. An approval procedure outlining the data or system owner granting the access privileges should be included. These procedures should apply for all users, including administrators (privileged users), internal and external users, for normal and emergency cases. Rights and obligations relative to access to enterprise systems and information are contractually arranged for all types of users. Perform regular management review of all accounts and related privileges.

EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Administrators
Local_Service
Severity:
2
Title:
Microsoft Windows Users With Privileges - Take Object Ownership
QID:
105124
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/21/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The SeTakeOwnershipPrivilege setting at the host is enumerated. This allows a user to take ownership of any securable object in the system including Active Directory objects, NTFS files and folders, printers, registry keys, services, processes and threads. By default administrators have this privilege.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Administrators
Severity:
2
Title:
Microsoft Windows Users With Privilege - Undock Privilege
QID:
105126
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/21/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The SeUndockPrivilege setting at the host is enumerated. This allows the user of a portable computer to undock the computer by selecting Eject PC on the Start menu.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Administrators
Severity:
2
Title:
Microsoft Windows Users With Rights - Logon as a Batch
QID:
105156
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/06/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The accounts with batch logon rights are enumerated.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Administrators
Severity:
2
Title:
Microsoft Windows Users With Rights - Interactive Logon
QID:
105157
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/06/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The accounts with interactive logon rights are enumerated.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Users
Administrators
Severity:
2
Title:
Microsoft Windows Users With Rights - Network Logon
QID:
105158
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/06/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The accounts with network logon rights are enumerated.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Administrators
Authenticated_Users
Severity:
2
Title:
Microsoft Windows Users With Rights - Logon as a Service
QID:
105159
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/06/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The accounts with service logon rights are enumerated.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
ALL SERVICES
Severity:
2
Title:
Microsoft Windows Users With Rights Denied - Logon as a Batch
QID:
105160
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/06/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The accounts for which the batch logon rights are explicitly denied are enumerated.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Type: CobIT
Section: DS5.4
Description: User Account Management: Ensure that requesting, establishing, issuing, suspending, modifying and closing user accounts and related user privileges are addressed by user account management. An approval procedure outlining the data or system owner granting the access privileges should be included. These procedures should apply for all users, including administrators (privileged users), internal and external users, for normal and emergency cases. Rights and obligations relative to access to enterprise systems and information are contractually arranged for all types of users. Perform regular management review of all accounts and related privileges.

EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Guests
Domain_Admins_Group
Severity:
2
Title:
Microsoft Windows Users With Rights Denied - Interactive Logon
QID:
105161
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/06/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The accounts for which the interactive logon is explicitly denied are enumerated.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Guests
Domain_Admins_Group
Severity:
2
Title:
Microsoft Windows Users With Rights Denied - Network Logon
QID:
105162
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/06/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The accounts for which network logon is explicitly denied are enumerated.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Guests
Domain_Admins_Group
Severity:
2
Title:
Microsoft Windows Users With Rights Denied - Logon as a Service
QID:
105163
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/06/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The accounts with Service Logon rights explicitly denied are enumerated.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Guests
Domain_Admins_Group
Severity:
2
Title:
Windows Auto Reboot After Blue Screen Not Disabled
QID:
105172
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
04/12/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Automatic reboot after a blue screen is enabled on the host. Someone who can cause a system error could use this behavior to trigger the reboot that a planted application requires in order to activate.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\SYSTEM\CurrentControlSet\Control\CrashControl AutoReboot = 1
Severity:
2
Title:
Microsoft Windows Win32 Services Security Analysis
QID:
105183
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
06/06/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
This test enumerates the security permissions of non-disabled services on the target Windows system.
IMPACT:
Unauthorized users might be able to control critical system components and modify their configuration.
SOLUTION:
Make sure only administrative users have access to the control of system services.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
NameAccessACL1ACL2ACL3
AeLookupSvcAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
AeLookupSvcAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
AeLookupSvcAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
AeLookupSvcAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
AeLookupSvcAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
AeLookupSvcAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
AeLookupSvcAccess Allowed for Administratorsstop-servicepause-continue-service-
AeLookupSvcAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
AeLookupSvcAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
AeLookupSvcAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
AeLookupSvcAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
AudioEndpointBuilderAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
AudioEndpointBuilderAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
AudioEndpointBuilderAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
AudioEndpointBuilderAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
AudioEndpointBuilderAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
AudioEndpointBuilderAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
AudioEndpointBuilderAccess Allowed for Administratorsstop-servicepause-continue-service-
AudioEndpointBuilderAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
AudioEndpointBuilderAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
AudioEndpointBuilderAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
AudioEndpointBuilderAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
AudioSrvAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
AudioSrvAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
AudioSrvAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
AudioSrvAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
AudioSrvAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
AudioSrvAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
AudioSrvAccess Allowed for Administratorsstop-servicepause-continue-service-
AudioSrvAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
AudioSrvAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
AudioSrvAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
AudioSrvAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
BFEAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
BFEAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
BFEAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
BFEAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
BFEAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
BFEAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
BFEAccess Allowed for Administratorsstop-servicepause-continue-service-
BFEAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
BFEAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
BFEAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
BFEAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
BITSAccess Allowed for Local Systemstandard-readstandard-write-ownerstandard-write-dac
BITSAccess Allowed for Local Systemstandard-deletequery-service-configchange-service-config
BITSAccess Allowed for Local Systemquery-service-statusenumerate-service-dependentsstart-service
BITSAccess Allowed for Local Systemstop-servicepause-continue-service-
BITSAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
BITSAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
BITSAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
BITSAccess Allowed for Administratorsstop-servicepause-continue-service-
BITSAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
BITSAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
BITSAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
BITSAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
ccEvtMgrAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
ccEvtMgrAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
ccEvtMgrAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
ccEvtMgrAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
ccEvtMgrAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
ccEvtMgrAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
ccEvtMgrAccess Allowed for Administratorsstop-servicepause-continue-service-
ccEvtMgrAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
ccEvtMgrAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
ccEvtMgrAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
ccEvtMgrAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
ccSetMgrAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
ccSetMgrAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
ccSetMgrAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
ccSetMgrAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
ccSetMgrAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
ccSetMgrAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
ccSetMgrAccess Allowed for Administratorsstop-servicepause-continue-service-
ccSetMgrAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
ccSetMgrAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
ccSetMgrAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
ccSetMgrAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
CertPropSvcAccess Allowed for Local Systemstandard-readstandard-write-ownerstandard-write-dac
CertPropSvcAccess Allowed for Local Systemstandard-deletequery-service-configchange-service-config
CertPropSvcAccess Allowed for Local Systemquery-service-statusenumerate-service-dependentsstart-service
CertPropSvcAccess Allowed for Local Systemstop-servicepause-continue-service-
CertPropSvcAccess Allowed for Administratorsstandard-readquery-service-configchange-service-config
CertPropSvcAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
CertPropSvcAccess Allowed for Administratorsstop-servicepause-continue-servicenterrogate-service
CertPropSvcAccess Allowed for Administratorsservice-user-defined-control--
CertPropSvcAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
CertPropSvcAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
CertPropSvcAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
CertPropSvcAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
CertPropSvcAccess Allowed for S-1-5-80-446051430-1559341753-4161941529-1950928533-810483104start-servicestop-service-
CryptSvcAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
CryptSvcAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
CryptSvcAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
CryptSvcAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
CryptSvcAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
CryptSvcAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
CryptSvcAccess Allowed for Administratorsstop-servicepause-continue-service-
CryptSvcAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
CryptSvcAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
CryptSvcAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
CryptSvcAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
DcomLaunchAccess Allowed for Authenticated Usersstandard-readquery-service-configquery-service-status
DcomLaunchAccess Allowed for Authenticated Usersnterrogate-service--
DcomLaunchAccess Allowed for Local Systemstandard-readstandard-write-ownerstandard-write-dac
DcomLaunchAccess Allowed for Local Systemquery-service-configchange-service-configquery-service-status
DcomLaunchAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
DcomLaunchAccess Allowed for Local Systempause-continue-servicenterrogate-service-
DcomLaunchAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
DcomLaunchAccess Allowed for Administratorsquery-service-configquery-service-statusenumerate-service-dependents
DcomLaunchAccess Allowed for Administratorsstart-servicestop-servicepause-continue-service
DcomLaunchAccess Allowed for Administratorsnterrogate-service--
DcomLaunchAccess Allowed for Usersquery-service-configquery-service-statusnterrogate-service
DhcpAccess Allowed for Authenticated Usersstandard-readquery-service-configquery-service-status
DhcpAccess Allowed for Authenticated Usersenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
DhcpAccess Allowed for Network Configuration Operatorsstandard-readquery-service-configquery-service-status
DhcpAccess Allowed for Network Configuration Operatorsenumerate-service-dependentsstart-servicestop-service
DhcpAccess Allowed for Network Configuration Operatorspause-continue-servicenterrogate-serviceservice-user-defined-control
DhcpAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
DhcpAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
DhcpAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
DhcpAccess Allowed for Administratorsstop-servicepause-continue-service-
DhcpAccess Allowed for Localstandard-readquery-service-configquery-service-status
DhcpAccess Allowed for Localenumerate-service-dependentsstart-servicenterrogate-service
DhcpAccess Allowed for Localservice-user-defined-control--
DhcpAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
DhcpAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
DhcpAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
DnscacheAccess Allowed for Usersstandard-readquery-service-configquery-service-status
DnscacheAccess Allowed for Usersenumerate-service-dependentsstart-servicenterrogate-service
DnscacheAccess Allowed for Usersservice-user-defined-control--
DnscacheAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
DnscacheAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
DnscacheAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
DnscacheAccess Allowed for Administratorsstop-servicepause-continue-service-
DnscacheAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
DnscacheAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
DnscacheAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
DnscacheAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
DnscacheAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
DnscacheAccess Allowed for Network Servicestandard-readquery-service-configquery-service-status
DnscacheAccess Allowed for Network Serviceenumerate-service-dependentsnterrogate-service-
DnscacheAccess Allowed for Local Servicestandard-readquery-service-configquery-service-status
DnscacheAccess Allowed for Local Serviceenumerate-service-dependentsnterrogate-service-
DnscacheAccess Allowed for Network Configuration Operatorsstandard-readquery-service-configquery-service-status
DnscacheAccess Allowed for Network Configuration Operatorsenumerate-service-dependentspause-continue-servicenterrogate-service
DnscacheAccess Allowed for S-1-5-80-2940520708-3855866260-481812779-327648279-1710889582standard-readquery-service-configquery-service-status
DnscacheAccess Allowed for S-1-5-80-2940520708-3855866260-481812779-327648279-1710889582enumerate-service-dependentspause-continue-servicenterrogate-service
DnscacheAccess Allowed for S-1-5-80-2940520708-3855866260-481812779-327648279-1710889582service-user-defined-control--
DPSAccess Allowed for Local Systemstandard-readstandard-write-ownerstandard-write-dac
DPSAccess Allowed for Local Systemstandard-deletequery-service-configchange-service-config
DPSAccess Allowed for Local Systemquery-service-statusenumerate-service-dependentsstart-service
DPSAccess Allowed for Local Systemstop-servicepause-continue-service-
DPSAccess Allowed for Administratorsstandard-readquery-service-configchange-service-config
DPSAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
DPSAccess Allowed for Administratorsstop-servicepause-continue-servicenterrogate-service
DPSAccess Allowed for Administratorsservice-user-defined-control--
DPSAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
DPSAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
DPSAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
DPSAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
eventlogAccess Allowed for Authenticated Usersstandard-readquery-service-configquery-service-status
eventlogAccess Allowed for Authenticated Usersenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
eventlogAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
eventlogAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
eventlogAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
eventlogAccess Allowed for Administratorsstop-servicepause-continue-service-
eventlogAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
eventlogAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
eventlogAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
EventSystemAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
EventSystemAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
EventSystem | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
EventSystem | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
EventSystem | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
EventSystem | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
EventSystem | Access Allowed for Administrators | stop-service | pause-continue-service | -
EventSystem | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
EventSystem | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
EventSystem | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
EventSystem | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
FontCache | Access Allowed for Local System | standard-read | query-service-config | query-service-status
FontCache | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
FontCache | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
FontCache | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
FontCache | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
FontCache | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
FontCache | Access Allowed for Administrators | stop-service | pause-continue-service | -
FontCache | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
FontCache | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
FontCache | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
FontCache | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
FontCache | Access Allowed for Interactive Logon | start-service | - | -
FontCache | Access Allowed for Service Logon | start-service | - | -
FontCache | Access Allowed for S-1-15-2-1 | standard-read | query-service-config | query-service-status
FontCache | Access Allowed for S-1-15-2-1 | enumerate-service-dependents | start-service | nterrogate-service
FontCache | Access Allowed for S-1-15-2-1 | service-user-defined-control | - | -
gpsvc | Access Allowed for Local System | standard-read | standard-write-owner | standard-write-dac
gpsvc | Access Allowed for Local System | standard-delete | query-service-config | change-service-config
gpsvc | Access Allowed for Local System | query-service-status | enumerate-service-dependents | start-service
gpsvc | Access Allowed for Local System | stop-service | pause-continue-service | -
gpsvc | Access Allowed for Administrators | standard-read | query-service-config | query-service-status
gpsvc | Access Allowed for Administrators | enumerate-service-dependents | nterrogate-service | service-user-defined-control
gpsvc | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
gpsvc | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
gpsvc | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
gpsvc | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
IKEEXT | Access Allowed for Local System | standard-read | query-service-config | query-service-status
IKEEXT | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
IKEEXT | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
IKEEXT | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
IKEEXT | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
IKEEXT | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
IKEEXT | Access Allowed for Administrators | stop-service | pause-continue-service | -
IKEEXT | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
IKEEXT | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
IKEEXT | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
IKEEXT | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
iphlpsvc | Access Allowed for Local System | standard-read | query-service-config | query-service-status
iphlpsvc | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
iphlpsvc | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
iphlpsvc | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
iphlpsvc | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
iphlpsvc | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
iphlpsvc | Access Allowed for Administrators | stop-service | pause-continue-service | -
iphlpsvc | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
iphlpsvc | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
iphlpsvc | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
iphlpsvc | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
LanmanServer | Access Allowed for Local System | standard-read | query-service-config | query-service-status
LanmanServer | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
LanmanServer | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
LanmanServer | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
LanmanServer | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
LanmanServer | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
LanmanServer | Access Allowed for Administrators | stop-service | pause-continue-service | -
LanmanServer | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
LanmanServer | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
LanmanServer | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
LanmanServer | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
LanmanWorkstation | Access Allowed for Local System | standard-read | query-service-config | query-service-status
LanmanWorkstation | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
LanmanWorkstation | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
LanmanWorkstation | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
LanmanWorkstation | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
LanmanWorkstation | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
LanmanWorkstation | Access Allowed for Administrators | stop-service | pause-continue-service | -
LanmanWorkstation | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
LanmanWorkstation | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
LanmanWorkstation | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
LanmanWorkstation | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
lmhosts | Access Allowed for Local System | standard-read | query-service-config | query-service-status
lmhosts | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
lmhosts | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
lmhosts | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
lmhosts | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
lmhosts | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
lmhosts | Access Allowed for Administrators | stop-service | pause-continue-service | -
lmhosts | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
lmhosts | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
lmhosts | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
lmhosts | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
MMCSS | Access Allowed for Local System | standard-read | query-service-config | query-service-status
MMCSS | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
MMCSS | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
MMCSS | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
MMCSS | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
MMCSS | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
MMCSS | Access Allowed for Administrators | stop-service | pause-continue-service | -
MMCSS | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
MMCSS | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
MMCSS | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
MMCSS | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
MMCSS | Access Allowed for Users | start-service | - | -
MpsSvc | Access Allowed for Local System | standard-read | query-service-config | query-service-status
MpsSvc | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
MpsSvc | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
MpsSvc | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
MpsSvc | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
MpsSvc | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
MpsSvc | Access Allowed for Administrators | stop-service | pause-continue-service | -
MpsSvc | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
MpsSvc | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
MpsSvc | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
MpsSvc | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
MpsSvc | Access Allowed for S-1-5-80-2006800713-1441093265-249754844-3404434343-1444102779 | query-service-config | query-service-status | start-service
MSDTC | Access Allowed for Local | standard-read | query-service-config | query-service-status
MSDTC | Access Allowed for Local | enumerate-service-dependents | start-service | nterrogate-service
MSDTC | Access Allowed for Local System | standard-read | query-service-config | change-service-config
MSDTC | Access Allowed for Local System | query-service-status | enumerate-service-dependents | start-service
MSDTC | Access Allowed for Local System | stop-service | pause-continue-service | nterrogate-service
MSDTC | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
MSDTC | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
MSDTC | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
MSDTC | Access Allowed for Administrators | stop-service | pause-continue-service | -
MSDTC | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
MSDTC | Access Allowed for Interactive Logon | enumerate-service-dependents | start-service | nterrogate-service
MSDTC | Access Allowed for Authenticated Users | standard-read | query-service-config | query-service-status
MSDTC | Access Allowed for Authenticated Users | enumerate-service-dependents | nterrogate-service | -
MSDTC | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
MSDTC | Access Allowed for Service Logon | enumerate-service-dependents | start-service | nterrogate-service
MSDTC | Access Allowed for S-1-5-80-3960419045-2460139048-4046793004-1809597027-2250574426 | standard-read | query-service-config | query-service-status
MSDTC | Access Allowed for S-1-5-80-3960419045-2460139048-4046793004-1809597027-2250574426 | enumerate-service-dependents | nterrogate-service | -
Netlogon | Access Allowed for Local System | standard-read | query-service-config | query-service-status
Netlogon | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
Netlogon | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
Netlogon | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
Netlogon | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
Netlogon | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
Netlogon | Access Allowed for Administrators | stop-service | pause-continue-service | -
Netlogon | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
Netlogon | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
Netlogon | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
Netlogon | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
Netman | Access Allowed for Local System | standard-read | query-service-config | query-service-status
Netman | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
Netman | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
Netman | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
Netman | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
Netman | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
Netman | Access Allowed for Administrators | stop-service | pause-continue-service | -
Netman | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
Netman | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
Netman | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
Netman | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
netprofm | Access Allowed for Local System | standard-read | query-service-config | query-service-status
netprofm | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
netprofm | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
netprofm | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
netprofm | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
netprofm | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
netprofm | Access Allowed for Administrators | stop-service | pause-continue-service | -
netprofm | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
netprofm | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
netprofm | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
netprofm | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
NlaSvc | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
NlaSvc | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
NlaSvc | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
NlaSvc | Access Allowed for Administrators | stop-service | pause-continue-service | -
NlaSvc | Access Allowed for Local System | standard-read | standard-write-owner | standard-write-dac
NlaSvc | Access Allowed for Local System | standard-delete | query-service-config | change-service-config
NlaSvc | Access Allowed for Local System | query-service-status | enumerate-service-dependents | start-service
NlaSvc | Access Allowed for Local System | stop-service | pause-continue-service | -
NlaSvc | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
NlaSvc | Access Allowed for Interactive Logon | enumerate-service-dependents | start-service | nterrogate-service
NlaSvc | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
NlaSvc | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
NlaSvc | Access Allowed for S-1-5-80-3141615172-2057878085-1754447212-2405740020-3916490453 | standard-read | query-service-config | query-service-status
NlaSvc | Access Allowed for S-1-5-80-3141615172-2057878085-1754447212-2405740020-3916490453 | enumerate-service-dependents | start-service | -
nsi | Access Allowed for Local System | standard-read | query-service-config | query-service-status
nsi | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
nsi | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
nsi | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
nsi | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
nsi | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
nsi | Access Allowed for Administrators | stop-service | pause-continue-service | -
nsi | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
nsi | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
nsi | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
nsi | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
osppsvc | Access Allowed for Network Service | query-service-config | query-service-status | enumerate-service-dependents
osppsvc | Access Allowed for Network Service | start-service | nterrogate-service | -
osppsvc | Access Allowed for Interactive Logon | query-service-config | query-service-status | enumerate-service-dependents
osppsvc | Access Allowed for Interactive Logon | start-service | nterrogate-service | -
osppsvc | Access Allowed for Local System | standard-read | query-service-config | query-service-status
osppsvc | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
osppsvc | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
osppsvc | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
osppsvc | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
osppsvc | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
osppsvc | Access Allowed for Administrators | stop-service | pause-continue-service | -
osppsvc | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
osppsvc | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
PlugPlay | Access Allowed for Local System | standard-read | query-service-config | query-service-status
PlugPlay | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
PlugPlay | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
PlugPlay | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
PlugPlay | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
PlugPlay | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
PlugPlay | Access Allowed for Administrators | stop-service | pause-continue-service | -
PlugPlay | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
PlugPlay | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
PlugPlay | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
PlugPlay | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
PolicyAgent | Access Allowed for Local System | standard-read | query-service-config | query-service-status
PolicyAgent | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
PolicyAgent | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
PolicyAgent | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
PolicyAgent | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
PolicyAgent | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
PolicyAgent | Access Allowed for Administrators | stop-service | pause-continue-service | -
PolicyAgent | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
PolicyAgent | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
PolicyAgent | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
PolicyAgent | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
Power | Access Allowed for Local System | standard-read | query-service-config | query-service-status
Power | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
Power | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
Power | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
Power | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
Power | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
Power | Access Allowed for Administrators | stop-service | pause-continue-service | -
Power | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
Power | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
Power | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
Power | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
ProfSvc | Access Allowed for Local System | standard-read | query-service-config | query-service-status
ProfSvc | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
ProfSvc | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
ProfSvc | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
ProfSvc | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
ProfSvc | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
ProfSvc | Access Allowed for Administrators | stop-service | pause-continue-service | -
ProfSvc | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
ProfSvc | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
ProfSvc | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
ProfSvc | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
ProtectedStorage | Access Allowed for Local System | standard-read | query-service-config | query-service-status
ProtectedStorage | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
ProtectedStorage | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
ProtectedStorage | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
ProtectedStorage | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
ProtectedStorage | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
ProtectedStorage | Access Allowed for Administrators | stop-service | pause-continue-service | -
ProtectedStorage | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
ProtectedStorage | Access Allowed for Interactive Logon | enumerate-service-dependents | start-service | nterrogate-service
ProtectedStorage | Access Allowed for Interactive Logon | service-user-defined-control | - | -
ProtectedStorage | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
ProtectedStorage | Access Allowed for Service Logon | enumerate-service-dependents | start-service | nterrogate-service
ProtectedStorage | Access Allowed for Service Logon | service-user-defined-control | - | -
ProtectedStorage | Access Allowed for Authenticated Users | service-user-defined-control | - | -
RasMan | Access Allowed for Authenticated Users | standard-read | query-service-config | query-service-status
RasMan | Access Allowed for Authenticated Users | enumerate-service-dependents | start-service | nterrogate-service
RasMan | Access Allowed for Authenticated Users | service-user-defined-control | - | -
RasMan | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
RasMan | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
RasMan | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
RasMan | Access Allowed for Administrators | stop-service | pause-continue-service | -
RemoteRegistry | Access Allowed for Local System | standard-read | query-service-config | query-service-status
RemoteRegistry | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
RemoteRegistry | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
RemoteRegistry | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
RemoteRegistry | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
RemoteRegistry | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
RemoteRegistry | Access Allowed for Administrators | stop-service | pause-continue-service | -
RemoteRegistry | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
RemoteRegistry | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
RemoteRegistry | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
RemoteRegistry | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
RpcEptMapper | Access Allowed for Authenticated Users | standard-read | query-service-config | query-service-status
RpcEptMapper | Access Allowed for Authenticated Users | nterrogate-service | - | -
RpcEptMapper | Access Allowed for Local System | standard-read | standard-write-owner | standard-write-dac
RpcEptMapper | Access Allowed for Local System | query-service-config | change-service-config | query-service-status
RpcEptMapper | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
RpcEptMapper | Access Allowed for Local System | pause-continue-service | nterrogate-service | -
RpcEptMapper | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
RpcEptMapper | Access Allowed for Administrators | query-service-config | query-service-status | enumerate-service-dependents
RpcEptMapper | Access Allowed for Administrators | start-service | stop-service | pause-continue-service
RpcEptMapper | Access Allowed for Administrators | nterrogate-service | - | -
RpcEptMapper | Access Allowed for Users | query-service-config | query-service-status | start-service
RpcEptMapper | Access Allowed for Users | nterrogate-service | - | -
RpcSs | Access Allowed for Authenticated Users | standard-read | query-service-config | query-service-status
RpcSs | Access Allowed for Authenticated Users | nterrogate-service | - | -
RpcSs | Access Allowed for Local System | standard-read | standard-write-owner | standard-write-dac
RpcSs | Access Allowed for Local System | query-service-config | change-service-config | query-service-status
RpcSs | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
RpcSs | Access Allowed for Local System | pause-continue-service | nterrogate-service | -
RpcSs | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
RpcSs | Access Allowed for Administrators | query-service-config | query-service-status | enumerate-service-dependents
RpcSs | Access Allowed for Administrators | start-service | stop-service | pause-continue-service
RpcSs | Access Allowed for Administrators | nterrogate-service | - | -
RpcSs | Access Allowed for Users | query-service-config | query-service-status | nterrogate-service
SamSs | Access Allowed for Authenticated Users | standard-read | query-service-config | query-service-status
SamSs | Access Allowed for Authenticated Users | enumerate-service-dependents | nterrogate-service | -
SamSs | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
SamSs | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
SamSs | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
SamSs | Access Allowed for Administrators | stop-service | pause-continue-service | -
SamSs | Access Allowed for Interactive Logon | query-service-config | query-service-status | enumerate-service-dependents
SamSs | Access Allowed for Interactive Logon | nterrogate-service | - | -
SamSs | Access Allowed for Users | query-service-config | query-service-status | enumerate-service-dependents
SamSs | Access Allowed for Users | nterrogate-service | - | -
Schedule | Access Allowed for Authenticated Users | standard-read | query-service-config | query-service-status
Schedule | Access Allowed for Authenticated Users | enumerate-service-dependents | nterrogate-service | -
Schedule | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
Schedule | Access Allowed for Administrators | query-service-config | query-service-status | enumerate-service-dependents
Schedule | Access Allowed for Administrators | start-service | pause-continue-service | nterrogate-service
Schedule | Access Allowed for Administrators | service-user-defined-control | - | -
Schedule | Access Allowed for Local System | standard-read | standard-write-owner | standard-write-dac
Schedule | Access Allowed for Local System | standard-delete | query-service-config | change-service-config
Schedule | Access Allowed for Local System | query-service-status | enumerate-service-dependents | start-service
Schedule | Access Allowed for Local System | stop-service | pause-continue-service | -
Schedule | Access Allowed for Users | standard-read | query-service-config | query-service-status
Schedule | Access Allowed for Users | enumerate-service-dependents | nterrogate-service | -
SENS | Access Allowed for Authenticated Users | standard-read | query-service-config | query-service-status
SENS | Access Allowed for Authenticated Users | enumerate-service-dependents | nterrogate-service | service-user-defined-control
SENS | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
SENS | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
SENS | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
SENS | Access Allowed for Administrators | stop-service | pause-continue-service | -
SENS | Access Allowed for System Operators | standard-read | standard-write-owner | standard-write-dac
SENS | Access Allowed for System Operators | standard-delete | query-service-config | change-service-config
SENS | Access Allowed for System Operators | query-service-status | enumerate-service-dependents | start-service
SENS | Access Allowed for System Operators | stop-service | pause-continue-service | -
SENS | Access Allowed for Local System | standard-read | query-service-config | query-service-status
SENS | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
SENS | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
SessionEnv | Access Allowed for Local System | standard-read | query-service-config | query-service-status
SessionEnv | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
SessionEnv | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
SessionEnv | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
SessionEnv | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
Results were truncated.
2
Microsoft Windows Driver Security Analysis
QID:
105184
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
06/06/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
This test enumerates the security permissions for driver objects on the target Windows system.
IMPACT:
Improper driver object security can let an unauthorized user control critical operating system components.
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Name | Access | ACL1 | ACL2 | ACL3
ACPI | Access Allowed for Local System | standard-read | query-service-config | query-service-status
ACPI | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
ACPI | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
ACPI | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
ACPI | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
ACPI | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
ACPI | Access Allowed for Administrators | stop-service | pause-continue-service | -
ACPI | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
ACPI | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
ACPI | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
ACPI | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
AFD | Access Allowed for Local System | standard-read | query-service-config | query-service-status
AFD | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
AFD | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
AFD | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
AFD | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
AFD | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
AFD | Access Allowed for Administrators | stop-service | pause-continue-service | -
AFD | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
AFD | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
AFD | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
AFD | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
amdxata | Access Allowed for Local System | standard-read | query-service-config | query-service-status
amdxata | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
amdxata | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
amdxataAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
amdxataAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
amdxataAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
amdxataAccess Allowed for Administratorsstop-servicepause-continue-service-
amdxataAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
amdxataAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
amdxataAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
amdxataAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
AsyncMacAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
AsyncMacAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
AsyncMacAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
AsyncMacAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
AsyncMacAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
AsyncMacAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
AsyncMacAccess Allowed for Administratorsstop-servicepause-continue-service-
AsyncMacAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
AsyncMacAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
AsyncMacAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
AsyncMacAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
atapiAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
atapiAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
atapiAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
atapiAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
atapiAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
atapiAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
atapiAccess Allowed for Administratorsstop-servicepause-continue-service-
atapiAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
atapiAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
atapiAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
atapiAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
blbdriveAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
blbdriveAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
blbdriveAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
blbdriveAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
blbdriveAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
blbdriveAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
blbdriveAccess Allowed for Administratorsstop-servicepause-continue-service-
blbdriveAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
blbdriveAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
blbdriveAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
blbdriveAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
bowserAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
bowserAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
bowserAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
bowserAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
bowserAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
bowserAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
bowserAccess Allowed for Administratorsstop-servicepause-continue-service-
bowserAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
bowserAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
bowserAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
bowserAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
cdromAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
cdromAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
cdromAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
cdromAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
cdromAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
cdromAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
cdromAccess Allowed for Administratorsstop-servicepause-continue-service-
cdromAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
cdromAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
cdromAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
cdromAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
CLFSAccess Allowed for S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464standard-readstandard-write-ownerstandard-write-dac
CLFSAccess Allowed for S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464standard-deletequery-service-configchange-service-config
CLFSAccess Allowed for S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464query-service-statusenumerate-service-dependentsstart-service
CLFSAccess Allowed for S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464stop-servicepause-continue-service-
CLFSAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
CLFSAccess Allowed for Local Systemenumerate-service-dependentsnterrogate-service-
CLFSAccess Allowed for Administratorsstandard-readquery-service-configquery-service-status
CLFSAccess Allowed for Administratorsenumerate-service-dependentsnterrogate-service-
CLFSAccess Allowed for Usersstandard-readquery-service-configquery-service-status
CLFSAccess Allowed for Usersenumerate-service-dependentsnterrogate-service-
CNGAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
CNGAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
CNGAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
CNGAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
CNGAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
CNGAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
CNGAccess Allowed for Administratorsstop-servicepause-continue-service-
CNGAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
CNGAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
CNGAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
CNGAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
CompositeBusAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
CompositeBusAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
CompositeBusAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
CompositeBusAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
CompositeBusAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
CompositeBusAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
CompositeBusAccess Allowed for Administratorsstop-servicepause-continue-service-
CompositeBusAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
CompositeBusAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
CompositeBusAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
CompositeBusAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
ctxusbmAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
ctxusbmAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
ctxusbmAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
ctxusbmAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
ctxusbmAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
ctxusbmAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
ctxusbmAccess Allowed for Administratorsstop-servicepause-continue-service-
ctxusbmAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
ctxusbmAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
ctxusbmAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
ctxusbmAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
DfsCAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
DfsCAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
DfsCAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
DfsCAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
DfsCAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
DfsCAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
DfsCAccess Allowed for Administratorsstop-servicepause-continue-service-
DfsCAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
DfsCAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
DfsCAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
DfsCAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
discacheAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
discacheAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
discacheAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
discacheAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
discacheAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
discacheAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
discacheAccess Allowed for Administratorsstop-servicepause-continue-service-
discacheAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
discacheAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
discacheAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
discacheAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
DiskAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
DiskAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
DiskAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
DiskAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
DiskAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
DiskAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
DiskAccess Allowed for Administratorsstop-servicepause-continue-service-
DiskAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
DiskAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
DiskAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
DiskAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
dmvscAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
dmvscAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
dmvscAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
dmvscAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
dmvscAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
dmvscAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
dmvscAccess Allowed for Administratorsstop-servicepause-continue-service-
dmvscAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
dmvscAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
dmvscAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
dmvscAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
DpmFilterAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
DpmFilterAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
DpmFilterAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
DpmFilterAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
DpmFilterAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
DpmFilterAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
DpmFilterAccess Allowed for Administratorsstop-servicepause-continue-service-
DpmFilterAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
DpmFilterAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
DpmFilterAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
DpmFilterAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
eeCtrlAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
eeCtrlAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
eeCtrlAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
eeCtrlAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
eeCtrlAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
eeCtrlAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
eeCtrlAccess Allowed for Administratorsstop-servicepause-continue-service-
eeCtrlAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
eeCtrlAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
eeCtrlAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
eeCtrlAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
EraserUtilRebootDrvAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
EraserUtilRebootDrvAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
EraserUtilRebootDrvAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
EraserUtilRebootDrvAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
EraserUtilRebootDrvAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
EraserUtilRebootDrvAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
EraserUtilRebootDrvAccess Allowed for Administratorsstop-servicepause-continue-service-
EraserUtilRebootDrvAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
EraserUtilRebootDrvAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
EraserUtilRebootDrvAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
EraserUtilRebootDrvAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
fdcAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
fdcAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
fdcAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
fdcAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
fdcAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
fdcAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
fdcAccess Allowed for Administratorsstop-servicepause-continue-service-
fdcAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
fdcAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
fdcAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
fdcAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
flpydiskAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
flpydiskAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
flpydiskAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
flpydiskAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
flpydiskAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
flpydiskAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
flpydiskAccess Allowed for Administratorsstop-servicepause-continue-service-
flpydiskAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
flpydiskAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
flpydiskAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
flpydiskAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
FltMgrAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
FltMgrAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
FltMgrAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
FltMgrAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
FltMgrAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
FltMgrAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
FltMgrAccess Allowed for Administratorsstop-servicepause-continue-service-
FltMgrAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
FltMgrAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
FltMgrAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
FltMgrAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
HTTPAccess Allowed for Local Systemstandard-readstandard-write-ownerstandard-write-dac
HTTPAccess Allowed for Local Systemstandard-deletequery-service-configchange-service-config
HTTPAccess Allowed for Local Systemquery-service-statusenumerate-service-dependentsstart-service
HTTPAccess Allowed for Local Systemstop-servicepause-continue-service-
HTTPAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
HTTPAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
HTTPAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
HTTPAccess Allowed for Administratorsstop-servicepause-continue-service-
HTTPAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
HTTPAccess Allowed for Interactive Logonenumerate-service-dependentsstart-servicenterrogate-service
HTTPAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
HTTPAccess Allowed for Service Logonenumerate-service-dependentsstart-servicenterrogate-service
HTTPAccess Allowed for Batch Logonstandard-readquery-service-configquery-service-status
HTTPAccess Allowed for Batch Logonenumerate-service-dependentsstart-servicenterrogate-service
hwpolicyAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
hwpolicyAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
hwpolicyAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
hwpolicyAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
hwpolicyAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
hwpolicyAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
hwpolicyAccess Allowed for Administratorsstop-servicepause-continue-service-
hwpolicyAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
hwpolicyAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
hwpolicyAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
hwpolicyAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
i8042prtAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
i8042prtAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
i8042prtAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
i8042prtAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
i8042prtAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
i8042prtAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
i8042prtAccess Allowed for Administratorsstop-servicepause-continue-service-
i8042prtAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
i8042prtAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
i8042prtAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
i8042prtAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
intelideAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
intelideAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
intelideAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
intelideAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
intelideAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
intelideAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
intelideAccess Allowed for Administratorsstop-servicepause-continue-service-
intelideAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
intelideAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
intelideAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
intelideAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
intelppmAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
intelppmAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
intelppmAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
intelppmAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
intelppmAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
intelppmAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
intelppmAccess Allowed for Administratorsstop-servicepause-continue-service-
intelppmAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
intelppmAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
intelppmAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
intelppmAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
kbdclassAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
kbdclassAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
kbdclassAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
kbdclassAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
kbdclassAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
kbdclassAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
kbdclassAccess Allowed for Administratorsstop-servicepause-continue-service-
kbdclassAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
kbdclassAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
kbdclassAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
kbdclassAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
KSecDDAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
KSecDDAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
KSecDDAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
KSecDDAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
KSecDDAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
KSecDDAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
KSecDDAccess Allowed for Administratorsstop-servicepause-continue-service-
KSecDDAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
KSecDDAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
KSecDDAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
KSecDDAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
KSecPkgAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
KSecPkgAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
KSecPkgAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
KSecPkgAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
KSecPkgAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
KSecPkgAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
KSecPkgAccess Allowed for Administratorsstop-servicepause-continue-service-
KSecPkgAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
KSecPkgAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
KSecPkgAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
KSecPkgAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
lltdioAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
lltdioAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
lltdioAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
lltdioAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
lltdioAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
lltdioAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
lltdioAccess Allowed for Administratorsstop-servicepause-continue-service-
lltdioAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
lltdioAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
lltdioAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
lltdioAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
luafvAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
luafvAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
luafvAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
luafvAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
luafvAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
luafvAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
luafvAccess Allowed for Administratorsstop-servicepause-continue-service-
luafvAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
luafvAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
luafvAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
luafvAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
mouclassAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
mouclassAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
mouclassAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
mouclassAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
mouclassAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
mouclassAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
mouclassAccess Allowed for Administratorsstop-servicepause-continue-service-
mouclassAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
mouclassAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
mouclassAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
mouclassAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
mouhidAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
mouhidAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
mouhidAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
mouhidAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
mouhidAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
mouhidAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
mouhidAccess Allowed for Administratorsstop-servicepause-continue-service-
mouhidAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
mouhidAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
mouhidAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
mouhidAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
mountmgrAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
mountmgrAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
mountmgrAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
mountmgrAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
mountmgrAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
mountmgrAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
mountmgrAccess Allowed for Administratorsstop-servicepause-continue-service-
mountmgrAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
mountmgrAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
mountmgrAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
mountmgrAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
mpsdrvAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
mpsdrvAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
mpsdrvAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
mpsdrvAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
mpsdrvAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
mpsdrvAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
mpsdrvAccess Allowed for Administratorsstop-servicepause-continue-service-
mpsdrvAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
mpsdrvAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
mpsdrvAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
mpsdrvAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
mrxsmbAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
mrxsmbAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
mrxsmbAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
mrxsmbAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
mrxsmbAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
mrxsmbAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
mrxsmbAccess Allowed for Administratorsstop-servicepause-continue-service-
mrxsmbAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
mrxsmbAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
mrxsmbAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
mrxsmbAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
mrxsmb10Access Allowed for Local Systemstandard-readquery-service-configquery-service-status
mrxsmb10Access Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
mrxsmb10Access Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
mrxsmb10Access Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
mrxsmb10Access Allowed for Administratorsstandard-deletequery-service-configchange-service-config
mrxsmb10Access Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
mrxsmb10Access Allowed for Administratorsstop-servicepause-continue-service-
mrxsmb10Access Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
mrxsmb10Access Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
mrxsmb10Access Allowed for Service Logonstandard-readquery-service-configquery-service-status
mrxsmb10Access Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
mrxsmb20Access Allowed for Local Systemstandard-readquery-service-configquery-service-status
mrxsmb20Access Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
mrxsmb20Access Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
mrxsmb20Access Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
mrxsmb20Access Allowed for Administratorsstandard-deletequery-service-configchange-service-config
mrxsmb20Access Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
mrxsmb20Access Allowed for Administratorsstop-servicepause-continue-service-
mrxsmb20Access Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
mrxsmb20Access Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
mrxsmb20Access Allowed for Service Logonstandard-readquery-service-configquery-service-status
mrxsmb20Access Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
MsfsAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
MsfsAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
MsfsAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
MsfsAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
MsfsAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
MsfsAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
MsfsAccess Allowed for Administratorsstop-servicepause-continue-service-
MsfsAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
MsfsAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
MsfsAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
MsfsAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
msisadrvAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
msisadrvAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
msisadrvAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
msisadrvAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
msisadrvAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
msisadrvAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
msisadrvAccess Allowed for Administratorsstop-servicepause-continue-service-
msisadrvAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
msisadrvAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
msisadrvAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
msisadrvAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
mssmbiosAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
mssmbiosAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
mssmbiosAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
mssmbiosAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
mssmbiosAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
mssmbiosAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
mssmbiosAccess Allowed for Administratorsstop-servicepause-continue-service-
mssmbiosAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
mssmbiosAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
mssmbiosAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
mssmbiosAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
MupAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
MupAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
MupAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
MupAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
MupAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
MupAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
MupAccess Allowed for Administratorsstop-servicepause-continue-service-
MupAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
MupAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
MupAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
MupAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
NAVENGAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
NAVENGAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
NAVENGAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
NAVENGAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
NAVENGAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
NAVENGAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
NAVENGAccess Allowed for Administratorsstop-servicepause-continue-service-
NAVENGAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
NAVENGAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
NAVENGAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
NAVENGAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
NAVEX15Access Allowed for Local Systemstandard-readquery-service-configquery-service-status
NAVEX15Access Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
NAVEX15Access Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
NAVEX15Access Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
NAVEX15Access Allowed for Administratorsstandard-deletequery-service-configchange-service-config
NAVEX15Access Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
NAVEX15Access Allowed for Administratorsstop-servicepause-continue-service-
NAVEX15Access Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
NAVEX15Access Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
NAVEX15Access Allowed for Service Logonstandard-readquery-service-configquery-service-status
NAVEX15Access Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
NDISAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
NDISAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
NDISAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
NDISAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
NDISAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
NDISAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
NDISAccess Allowed for Administratorsstop-servicepause-continue-service-
NDISAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
NDISAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
NDISAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
NDISAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
NdisTapiAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
NdisTapiAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
NdisTapiAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
NdisTapiAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
NdisTapiAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
Results were truncated.
Severity:
2
Title:
Microsoft Windows Effective Permission on Shares Enumerated
QID:
105185
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
07/22/2009
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Effective security permissions for shares on the target host are enumerated.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
share | SHARE TYPE | ACE TYPE | NAME | PRIMARY GROUP | ACE1 | ACE2 | ACE3 | ADDITIONAL INFO
ADMIN$ | Hidden Directory | Access Allowed for Group | NT SERVICE\TrustedInstaller | NT SERVICE\TrustedInstaller | generic-all | standard-read | standard-write-owner | -
ADMIN$ | Hidden Directory | Access Allowed for Group | NT SERVICE\TrustedInstaller | NT SERVICE\TrustedInstaller | standard-write-dac | standard-delete | - | -
ADMIN$ | Hidden Directory | Access Allowed for Group | Local System | NT SERVICE\TrustedInstaller | generic-all | standard-read | standard-delete | -
ADMIN$ | Hidden Directory | Access Allowed for Group | Administrators | NT SERVICE\TrustedInstaller | generic-all | standard-read | standard-delete | -
ADMIN$ | Hidden Directory | Access Allowed for Group | Users | NT SERVICE\TrustedInstaller | generic-read | generic-execute | standard-read | -
ADMIN$ | Hidden Directory | Access Allowed for Group | Creator Owner | NT SERVICE\TrustedInstaller | generic-all | - | - | -
C$ | Hidden Directory | Access Allowed for Group | Local System | NT SERVICE\TrustedInstaller | standard-read | standard-write-owner | standard-write-dac | -
C$ | Hidden Directory | Access Allowed for Group | Local System | NT SERVICE\TrustedInstaller | standard-delete | - | - | -
C$ | Hidden Directory | Access Allowed for Group | Administrators | NT SERVICE\TrustedInstaller | standard-read | standard-write-owner | standard-write-dac | -
C$ | Hidden Directory | Access Allowed for Group | Administrators | NT SERVICE\TrustedInstaller | standard-delete | - | - | -
C$ | Hidden Directory | Access Allowed for Group | Users | NT SERVICE\TrustedInstaller | standard-read | - | - | -
C$ | Hidden Directory | Access Allowed for Group | Creator Owner | NT SERVICE\TrustedInstaller | generic-all | - | - | -
IPC$ | Hidden_IPC | No_Explicit_DACLS | - | - | - | - | - | Results_may_be_incomplete
MTATempStore$ | Directory | Access Allowed for Group | SOP-TS2\DPMRADCOMTrustedMachines | Local System | standard-read | standard-write-owner | standard-write-dac | -
MTATempStore$ | Directory | Access Allowed for Group | SOP-TS2\DPMRADCOMTrustedMachines | Local System | standard-delete | - | - | -
MTATempStore$ | Directory | Access Allowed for Group | Administrators | Local System | standard-read | standard-write-owner | standard-write-dac | -
MTATempStore$ | Directory | Access Allowed for Group | Administrators | Local System | standard-delete | - | - | -
MTATempStore$ | Directory | Access Allowed for Group | Local System | Local System | standard-read | standard-write-owner | standard-write-dac | -
MTATempStore$ | Directory | Access Allowed for Group | Local System | Local System | standard-delete | - | - | -
MTATempStore$ | Directory | Access Allowed for Group | Users | Local System | generic-write | standard-read | - | -
Severity:
2
Title:
Microsoft Windows Hardening - Service Configuration
QID:
105187
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
06/06/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The service configuration for each win32 service, including the service startup type and service account name, is enumerated.

Turning off non-essential services is an important step in hardening a Windows system.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Name | Starttype | AccountName
Application Experience | Manual | localSystem
Application Layer Gateway Service | Manual | NT AUTHORITY\LocalService
Application Identity | Manual | NT Authority\LocalService
Application Information | Manual | LocalSystem
Application Management | Manual | LocalSystem
ASP.NET State Service | Manual | NT AUTHORITY\NetworkService
Windows Audio Endpoint Builder | Manual | LocalSystem
Windows Audio | Automatic | NT AUTHORITY\LocalService
Base Filtering Engine | Automatic | NT AUTHORITY\LocalService
Background Intelligent Transfer Service | Manual | LocalSystem
Computer Browser | Disabled | LocalSystem
Symantec Event Manager | Automatic | LocalSystem
Symantec Settings Manager | Automatic | LocalSystem
Certificate Propagation | Manual | LocalSystem
Microsoft .NET Framework NGEN v2.0.50727 X86 | Disabled | LocalSystem
Microsoft .NET Framework NGEN v2.0.50727 X64 | Disabled | LocalSystem
Microsoft .NET Framework NGEN v4.0.30319 X86 | Automatic | LocalSystem
Microsoft .NET Framework NGEN v4.0.30319 X64 | Automatic | LocalSystem
COM+ System Application | Manual | LocalSystem
Cryptographic Services | Automatic | NT Authority\NetworkService
Offline Files | Disabled | LocalSystem
DCOM Server Process Launcher | Automatic | LocalSystem
Disk Defragmenter | Manual | localSystem
DHCP Client | Automatic | NT Authority\LocalService
DNS Client | Automatic | NT AUTHORITY\NetworkService
Wired AutoConfig | Manual | localSystem
DPM CPWrapper Service | Disabled | LocalSystem
DPMRA | Manual | LocalSystem
Diagnostic Policy Service | Automatic | NT AUTHORITY\LocalService
Extensible Authentication Protocol | Manual | localSystem
Encrypting File System (EFS) | Manual | LocalSystem
Windows Event Log | Automatic | NT AUTHORITY\LocalService
COM+ Event System | Automatic | NT AUTHORITY\LocalService
Microsoft Fibre Channel Platform Registration Service | Manual | NT AUTHORITY\LocalService
Function Discovery Provider Host | Manual | NT AUTHORITY\LocalService
Function Discovery Resource Publication | Manual | NT AUTHORITY\LocalService
Windows Font Cache Service | Automatic | NT AUTHORITY\LocalService
Windows Presentation Foundation Font Cache 3.0.0.0 | Manual | NT Authority\LocalService
Group Policy Client | Automatic | LocalSystem
Human Interface Device Access | Manual | LocalSystem
Health Key and Certificate Management | Manual | localSystem
Windows CardSpace | Manual | LocalSystem
IKE and AuthIP IPsec Keying Modules | Automatic | LocalSystem
PnP-X IP Bus Enumerator | Disabled | LocalSystem
IP Helper | Automatic | LocalSystem
CNG Key Isolation | Manual | LocalSystem
KtmRm for Distributed Transaction Coordinator | Manual | NT AUTHORITY\NetworkService
Server | Automatic | LocalSystem
Workstation | Automatic | NT AUTHORITY\NetworkService
LiveUpdate | Manual | LocalSystem
Link-Layer Topology Discovery Mapper | Manual | NT AUTHORITY\LocalService
TCP/IP NetBIOS Helper | Automatic | NT AUTHORITY\LocalService
Microsoft SharePoint Workspace Audit Service | Manual | NT AUTHORITY\LocalService
Multimedia Class Scheduler | Manual | LocalSystem
Windows Firewall | Automatic | NT Authority\LocalService
Distributed Transaction Coordinator | Automatic | NT AUTHORITY\NetworkService
Microsoft iSCSI Initiator Service | Manual | LocalSystem
Windows Installer | Manual | LocalSystem
Network Access Protection Agent | Manual | NT AUTHORITY\NetworkService
Netlogon | Automatic | LocalSystem
Network Connections | Manual | LocalSystem
Net.Msmq Listener Adapter | Disabled | NT AUTHORITY\NetworkService
Net.Pipe Listener Adapter | Disabled | NT AUTHORITY\LocalService
Network List Service | Manual | NT AUTHORITY\LocalService
Net.Tcp Listener Adapter | Disabled | NT AUTHORITY\LocalService
Net.Tcp Port Sharing Service | Disabled | NT AUTHORITY\LocalService
Network Location Awareness | Automatic | NT AUTHORITY\NetworkService
Network Store Interface Service | Automatic | NT Authority\LocalService
Office_Source Engine | Manual | LocalSystem
Office Software Protection Platform | Manual | NT AUTHORITY\NetworkService
Performance Counter DLL Host | Manual | NT AUTHORITY\LocalService
Performance Logs & Alerts | Manual | NT AUTHORITY\LocalService
Plug and Play | Automatic | LocalSystem
IPsec Policy Agent | Manual | NT Authority\NetworkService
Power | Automatic | LocalSystem
User Profile Service | Automatic | LocalSystem
Protected Storage | Manual | LocalSystem
Remote Access Auto Connection Manager | Manual | localSystem
Remote Access Connection Manager | Manual | localSystem
Routing and Remote Access | Disabled | localSystem
Remote Registry | Automatic | NT AUTHORITY\LocalService
RPC Endpoint Mapper | Automatic | NT AUTHORITY\NetworkService
Remote Procedure Call (RPC) Locator | Manual | NT AUTHORITY\NetworkService
Remote Procedure Call (RPC) | Automatic | NT AUTHORITY\NetworkService
Resultant Set of Policy Provider | Manual | LocalSystem
Special Administration Console Helper | Manual | LocalSystem
Security Accounts Manager | Automatic | LocalSystem
Smart Card | Manual | NT AUTHORITY\LocalService
Task Scheduler | Automatic | LocalSystem
Smart Card Removal Policy | Manual | LocalSystem
Secondary Logon | Manual | LocalSystem
System Event Notification Service | Automatic | LocalSystem
Remote Desktop Configuration | Manual | localSystem
Internet Connection Sharing (ICS) | Automatic | LocalSystem
Shell Hardware Detection | Automatic | LocalSystem
Symantec Management Client | Automatic | LocalSystem
Symantec Network Access Control | Disabled | LocalSystem
SNMP Trap | Manual | NT AUTHORITY\LocalService
Print Spooler | Automatic | LocalSystem
Software Protection | Automatic | NT AUTHORITY\NetworkService
SPP Notification Service | Manual | NT AUTHORITY\LocalService
SSDP Discovery | Disabled | NT AUTHORITY\LocalService
Secure Socket Tunneling Protocol Service | Manual | NT Authority\LocalService
Windows Image Acquisition (WIA) | Manual | NT Authority\LocalService
Microsoft Software Shadow Copy Provider | Manual | LocalSystem
Tablet PC Input Service | Manual | LocalSystem
Telephony | Manual | NT AUTHORITY\NetworkService
TPM Base Services | Manual | NT AUTHORITY\LocalService
Remote Desktop Services | Manual | NT Authority\NetworkService
Themes | Automatic | LocalSystem
Thread Ordering Server | Manual | NT AUTHORITY\LocalService
Distributed Link Tracking Client | Automatic | LocalSystem
Windows Modules Installer | Manual | localSystem
Interactive Services Detection | Manual | LocalSystem
Remote Desktop Services UserMode Port Redirector | Manual | localSystem
UPnP Device Host | Disabled | NT AUTHORITY\LocalService
Desktop Window Manager Session Manager | Automatic | localSystem
Credential Manager | Manual | LocalSystem
Virtual Disk | Manual | LocalSystem
Hyper-V Heartbeat Service | Automatic | NT AUTHORITY\NetworkService
Hyper-V Data Exchange Service | Automatic | NT AUTHORITY\LocalService
Hyper-V Guest Shutdown Service | Automatic | LocalSystem
Hyper-V Time Synchronization Service | Automatic | NT AUTHORITY\LocalService
Hyper-V Volume Shadow Copy Requestor | Automatic | LocalSystem
Volume Shadow Copy | Manual | LocalSystem
Windows Time | Manual | NT AUTHORITY\LocalService
Block Level Backup Engine Service | Manual | LocalSystem
Windows Color System | Manual | NT AUTHORITY\LocalService
Diagnostic Service Host | Manual | NT AUTHORITY\LocalService
Diagnostic System Host | Manual | LocalSystem
WebClient | Manual | NT AUTHORITY\LocalService
Windows Event Collector | Manual | NT AUTHORITY\NetworkService
Problem Reports and Solutions Control Panel Support | Manual | localSystem
Windows Error Reporting Service | Manual | localSystem
Windows Defender | Automatic | LocalSystem
WinHTTP Web Proxy Auto-Discovery Service | Manual | NT AUTHORITY\LocalService
Windows Management Instrumentation | Automatic | localSystem
Windows Remote Management (WS-Management) | Automatic | NT AUTHORITY\NetworkService
WMI Performance Adapter | Manual | localSystem
Portable Device Enumerator Service | Manual | LocalSystem
Windows Update | Automatic | LocalSystem
Windows Driver Foundation - User-mode Driver Framework | Manual | LocalSystem
Severity:
2
Title:
Microsoft Windows Folder Permission Check - Folders Under SystemRoot
QID:
105188
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/11/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Permissions for critical system files and folders are enumerated. Keeping these files and folders secure is critical for keeping the system secure.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Type: SOX
Section: N/A
Description: All critical network segments and those network segments containing servers/equipment performing production process/support of Sarbanes applications/data are protected by proven and tested firewalls at all network entry points.

EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
------------------------------------------------------------
%windir%
------------------------------------------------------------
SYSTEM access_allowed synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
Administrators access_allowed synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
Users access_allowed synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
Creator_Owner access_allowed object_inherit=true container_inherit=true inherit_only=true synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
------------------------------------------------------------
%windir%\Application Compatibility Scripts
------------------------------------------------------------
SYSTEM access_allowed synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
Administrators access_allowed synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
Users access_allowed synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
Creator_Owner access_allowed object_inherit=true container_inherit=true inherit_only=true synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
------------------------------------------------------------
%windir%\AppPatch
------------------------------------------------------------
SYSTEMaccess_allowed synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
Administratorsaccess_allowed synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
Usersaccess_allowed synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
Creator_Owneraccess_allowedobject_inherit=true container_inherit=true inherit_only=truesynchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
------------------------------------------------------------
%windir%\CSC
------------------------------------------------------------
SYSTEMaccess_allowed synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
Administratorsaccess_allowed synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
Usersaccess_allowed synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
Creator_Owneraccess_allowedobject_inherit=true container_inherit=true inherit_only=truesynchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
------------------------------------------------------------
%windir%\debug
------------------------------------------------------------
SYSTEMaccess_allowed synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
Administratorsaccess_allowed synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
Usersaccess_allowed synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
Creator_Owneraccess_allowedobject_inherit=true container_inherit=true inherit_only=truesynchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
------------------------------------------------------------
%windir%\Help
------------------------------------------------------------
SYSTEMaccess_allowed synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
Administratorsaccess_allowed synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
Usersaccess_allowed synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
Creator_Owneraccess_allowedobject_inherit=true container_inherit=true inherit_only=truesynchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
------------------------------------------------------------
%windir%\inf
------------------------------------------------------------
SYSTEMaccess_allowed synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
Administratorsaccess_allowed synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
Usersaccess_allowed synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
Creator_Owneraccess_allowedobject_inherit=true container_inherit=true inherit_only=truesynchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
------------------------------------------------------------
%windir%\installer
------------------------------------------------------------
SYSTEMaccess_allowedobject_inherit=true container_inherit=truesynchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
Everyoneaccess_allowedobject_inherit=true container_inherit=truesynchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
Administratorsaccess_allowedobject_inherit=true container_inherit=truesynchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
------------------------------------------------------------
%windir%\media
------------------------------------------------------------
SYSTEMaccess_allowed synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
Administratorsaccess_allowed synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
Usersaccess_allowed synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
Creator_Owneraccess_allowedobject_inherit=true container_inherit=true inherit_only=truesynchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
------------------------------------------------------------
%windir%\Registration
------------------------------------------------------------
Administratorsaccess_allowedobject_inherit=truesynchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
Everyoneaccess_allowedobject_inherit=truesynchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
SYSTEMaccess_allowedobject_inherit=truesynchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
------------------------------------------------------------
%windir%\security
------------------------------------------------------------
SYSTEMaccess_allowed synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
Administratorsaccess_allowed synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
Usersaccess_allowed synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
Creator_Owneraccess_allowedobject_inherit=true container_inherit=true inherit_only=truesynchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
------------------------------------------------------------
%windir%\Temp
------------------------------------------------------------
Usersaccess_allowedcontainer_inherit=truesynchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
Administratorsaccess_allowed synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
SYSTEMaccess_allowed synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
Creator_Owneraccess_allowedobject_inherit=true container_inherit=true inherit_only=truesynchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
------------------------------------------------------------
%ProgramFiles%\Common Files
------------------------------------------------------------
SYSTEMaccess_allowed synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
Administratorsaccess_allowed synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
Usersaccess_allowed synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
Creator_Owneraccess_allowedobject_inherit=true container_inherit=true inherit_only=truesynchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
Severity:
2
Title:
Microsoft Windows Folder Permission Check - Folders Under System32
QID:
105189
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/11/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The permissions of critical folders under the System32 directory are enumerated.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
------------------------------------------------------------
%windir%\System32
------------------------------------------------------------
SYSTEM access_allowed synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
Administrators access_allowed synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
Users access_allowed synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
Creator_Owner access_allowed object_inherit=true container_inherit=true inherit_only=true synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
------------------------------------------------------------
%windir%\System32\appmgmt
------------------------------------------------------------
SYSTEM access_allowed object_inherit=true container_inherit=true synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
Administrators access_allowed object_inherit=true container_inherit=true synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
Everyone access_allowed synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
------------------------------------------------------------
%windir%\System32\ias
------------------------------------------------------------
Administrators access_allowed synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
NETWORK_SERVICE access_allowed synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
SYSTEM access_allowed synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
------------------------------------------------------------
%windir%\System32\Config
------------------------------------------------------------
SYSTEM access_allowed object_inherit=true container_inherit=true synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
Administrators access_allowed object_inherit=true container_inherit=true synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
Creator_Owner access_allowed object_inherit=true container_inherit=true inherit_only=true synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
------------------------------------------------------------
%windir%\System32\spool\printers
------------------------------------------------------------
Users access_allowed container_inherit=true synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
Administrators access_allowed synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
Creator_Owner access_allowed object_inherit=true container_inherit=true inherit_only=true synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
SYSTEM access_allowed object_inherit=true container_inherit=true synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
------------------------------------------------------------
%windir%\System32\LogFiles
------------------------------------------------------------
SYSTEM access_allowed synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
Administrators access_allowed synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
Users access_allowed synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
Creator_Owner access_allowed object_inherit=true container_inherit=true inherit_only=true synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
------------------------------------------------------------
%windir%\System32\inetsrv
------------------------------------------------------------
SYSTEM access_allowed synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
Administrators access_allowed synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
Users access_allowed synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
Creator_Owner access_allowed object_inherit=true container_inherit=true inherit_only=true synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
Severity:
2
Title:
Microsoft Windows File Security Check - C: System Files
QID:
105190
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
04/13/2006
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The security permissions for system files which are located on C: (primary partition drive) are enumerated. It is important that these files are properly secured.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Type: HIPAA
Section: 164.308(a)(ii)(D)
Description: Password management (Addressable). Procedures for creating, changing, and safeguarding passwords.

Type: SOX
Section: N/A
Description: Every user has a confidential password for access into a Company's system resources. These passwords are: 1) Changed frequently, as all individual users are automatically required to change their passwords 2) The display and printing of passwords is masked, suppressed, or otherwise obscured so that unauthorized parties will not be able to observe or subsequently recover them.

EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
------------------------------------------------------------
c:\
------------------------------------------------------------
SYSTEM access_allowed object_inherit=true container_inherit=true synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
Administrators access_allowed object_inherit=true container_inherit=true synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
Users access_allowed object_inherit=true container_inherit=true synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
Creator_Owner access_allowed object_inherit=true container_inherit=true inherit_only=true synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
------------------------------------------------------------
%ProgramFiles%
------------------------------------------------------------
SYSTEM access_allowed synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
Administrators access_allowed synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
Users access_allowed synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
Creator_Owner access_allowed object_inherit=true container_inherit=true inherit_only=true synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
------------------------------------------------------------
%CommonProgramFiles%
------------------------------------------------------------
SYSTEM access_allowed synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
Administrators access_allowed synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
Users access_allowed synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
Creator_Owner access_allowed object_inherit=true container_inherit=true inherit_only=true synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
Severity:
2
Title:
Microsoft Windows Folder Security - Folders Under Document and Settings
QID:
105191
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/11/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The permissions of common folders under the Document and Settings folder are enumerated.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
------------------------------------------------------------
%userprofile%\Administrator
------------------------------------------------------------
SYSTEM access_allowed object_inherit=true container_inherit=true synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
Administrators access_allowed object_inherit=true container_inherit=true synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
sop.admin access_allowed object_inherit=true container_inherit=true synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
Severity:
2
Title:
Administrator Group Members Enumerated
QID:
105231
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
08/30/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Members of the built-in Administrator Group are enumerated from the target Microsoft Windows system.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Administrators SOP-TS2\sop.admin
Administrators AD\SOP_Server Admins
Administrators S-1-5-21-344340502-4252695000-2390403120-1430189
Administrators AD\DOM_Qualys Scanners
Expand Severity Title Port/Service
2
Security Permissions for Important CIFS Pipes
QID:
105244
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
09/29/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The security permissions for important operating system created named pipes are enumerated from the target Microsoft Windows system.
IMPACT:
Critical system interfaces are exposed through several CIFS pipes. Insecure permission settings can aid unauthorized access.
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
------------------------------------------------------------
\SAMR
------------------------------------------------------------
Everyone access_allowed write_attributes write_data read_attributes write_extended_attributes standard_read read_extended_attributes read_data
AnonymousLogon access_allowed write_attributes write_data read_attributes write_extended_attributes standard_read read_extended_attributes read_data
Administrators access_allowed read_data delete_child standard_read write_extended_attributes read_attributes write_attributes standard_delete write_data execute append_data read_extended_attributes standard_write_dac standard_write_owner
------------------------------------------------------------
\eventlog
------------------------------------------------------------
Everyone access_allowed write_attributes write_data read_attributes write_extended_attributes standard_read read_extended_attributes read_data
------------------------------------------------------------
\winreg
------------------------------------------------------------
Everyone access_allowed write_attributes write_data read_attributes write_extended_attributes standard_read read_extended_attributes read_data
AnonymousLogon access_allowed write_attributes write_data read_attributes write_extended_attributes standard_read read_extended_attributes read_data
------------------------------------------------------------
\srvsvc
------------------------------------------------------------
AnonymousLogon access_allowed write_attributes write_data read_attributes write_extended_attributes standard_read read_extended_attributes read_data
Everyone access_allowed write_attributes write_data read_attributes write_extended_attributes standard_read read_extended_attributes read_data
SYSTEM access_allowed read_data delete_child standard_read write_extended_attributes read_attributes write_attributes standard_delete write_data execute append_data read_extended_attributes standard_write_dac standard_write_owner
------------------------------------------------------------
\lsass
------------------------------------------------------------
Everyone access_allowed write_attributes write_data read_attributes write_extended_attributes standard_read read_extended_attributes read_data
AnonymousLogon access_allowed write_attributes write_data read_attributes write_extended_attributes standard_read read_extended_attributes read_data
Administrators access_allowed read_data delete_child standard_read write_extended_attributes read_attributes write_attributes standard_delete write_data execute append_data read_extended_attributes standard_write_dac standard_write_owner
------------------------------------------------------------
\svcctl
------------------------------------------------------------
Everyone access_allowed write_attributes write_data read_attributes write_extended_attributes standard_read read_extended_attributes read_data
AnonymousLogon access_allowed write_attributes write_data read_attributes write_extended_attributes standard_read read_extended_attributes read_data
Administrators access_allowed read_data delete_child standard_read write_extended_attributes read_attributes write_attributes standard_delete write_data execute append_data read_extended_attributes standard_write_dac standard_write_owner
------------------------------------------------------------
\wkssvc
------------------------------------------------------------
AnonymousLogon access_allowed write_attributes write_data read_attributes write_extended_attributes standard_read read_extended_attributes read_data
Everyone access_allowed write_attributes write_data read_attributes write_extended_attributes standard_read read_extended_attributes read_data
SYSTEM access_allowed read_data delete_child standard_read write_extended_attributes read_attributes write_attributes standard_delete write_data execute append_data read_extended_attributes standard_write_dac standard_write_owner
NETWORK_SERVICE access_allowed read_data delete_child standard_read write_extended_attributes read_attributes write_attributes standard_delete write_data execute append_data read_extended_attributes standard_write_dac standard_write_owner
------------------------------------------------------------
\NETLOGON
------------------------------------------------------------
Everyone access_allowed write_attributes write_data read_attributes write_extended_attributes standard_read read_extended_attributes read_data
AnonymousLogon access_allowed write_attributes write_data read_attributes write_extended_attributes standard_read read_extended_attributes read_data
Administrators access_allowed read_data delete_child standard_read write_extended_attributes read_attributes write_attributes standard_delete write_data execute append_data read_extended_attributes standard_write_dac standard_write_owner
Expand Severity Title Port/Service
2
Last Successful User Login
QID:
105311
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
02/01/2007
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The last successful user login was able to be determined. Refer to the Results section of this QID for details.
IMPACT:
Please make sure this finding is in compliance with your company's security policy.
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI
LastLoggedOnProvider = {6F45DC1E-5384-457A-BC13-2CD81B0D28ED}
HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI
LastLoggedOnSAMUser = AD\sop_cdfreema.adm
HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI
LastLoggedOnUser = AD\sop_cdfreema.adm
Expand Severity Title Port/Service
2
Microsoft Windows Permission on Shares Enumerated
QID:
105335
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
08/03/2009
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Security permissions for shares on the target host are enumerated.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
share | SHARE TYPE | ACE TYPE | NAME | OWNER | ACE1 | ACE2 | ACE3
ADMIN$ | Hidden_Directory | No_Explicit_DACLS | - | - | - | - | -
C$ | Hidden_Directory | No_Explicit_DACLS | - | - | - | - | -
IPC$ | Hidden_IPC | No_Explicit_DACLS | - | - | - | - | -
MTATempStore$ | Directory | Access Allowed for Group | Administrators | Local System | standard-read | standard-write-owner | standard-write-dac
MTATempStore$ | Directory | Access Allowed for Group | Administrators | Local System | standard-delete | - | -
MTATempStore$ | Directory | Access Allowed for Group | Local System | Local System | standard-read | standard-write-owner | standard-write-dac
MTATempStore$ | Directory | Access Allowed for Group | Local System | Local System | standard-delete | - | -
MTATempStore$ | Directory | Access Allowed for Group | SOP-TS2\DPMRADCOMTrustedMachines | Local System | standard-read | standard-write-owner | standard-write-dac
MTATempStore$ | Directory | Access Allowed for Group | SOP-TS2\DPMRADCOMTrustedMachines | Local System | standard-delete | - | -
Expand Severity Title Port/Service
2
Recently Installed Windows Applications
QID:
125007
Category:
Forensics
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/23/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Recently installed applications on the host are enumerated from the application event log database.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Time : Tue Mar 19 12:28:38 2013
Source : MsiInstaller , Event: 11707 Descr: The Following Software Installation Succeeded Param: Product: Java(TM) 6 Update 43 -- Installation operation completed successfully.
Expand Severity Title Port/Service
2
Recently Updated Windows Applications
QID:
125008
Category:
Forensics
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/23/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Recently updated Windows applications on the host are enumerated.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Time : Wed Mar 20 01:07:22 2013
Source : MsiInstaller , Event: 11728 Descr: The Following Software Configuration Succeeded Param: Product: Microsoft Office Office 64-bit Components 2010 -- Configuration completed successfully.
Time : Wed Mar 20 01:07:20 2013
Source : MsiInstaller , Event: 11728 Descr: The Following Software Configuration Succeeded Param: Product: Microsoft Office Professional Plus 2010 -- Configuration completed successfully.
Time : Wed Mar 20 01:07:10 2013
Source : MsiInstaller , Event: 11728 Descr: The Following Software Configuration Succeeded Param: Product: Microsoft Office Professional Plus 2010 -- Configuration completed successfully.
Time : Wed Mar 20 01:05:11 2013
Source : MsiInstaller , Event: 11728 Descr: The Following Software Configuration Succeeded Param: Product: Microsoft Office Professional Plus 2010 -- Configuration completed successfully.
Time : Wed Mar 20 01:04:35 2013
Source : MsiInstaller , Event: 11728 Descr: The Following Software Configuration Succeeded Param: Product: Microsoft Office Professional Plus 2010 -- Configuration completed successfully.
Time : Wed Mar 20 01:03:37 2013
Source : MsiInstaller , Event: 11728 Descr: The Following Software Configuration Succeeded Param: Product: Microsoft Office Professional Plus 2010 -- Configuration completed successfully.
Time : Wed Mar 20 01:03:05 2013
Source : MsiInstaller , Event: 11728 Descr: The Following Software Configuration Succeeded Param: Product: Microsoft Silverlight -- Configuration completed successfully.
Time : Wed Mar 20 01:00:40 2013
Source : MsiInstaller , Event: 11728 Descr: The Following Software Configuration Succeeded Param: Product: Microsoft Office Office 64-bit Components 2010 -- Configuration completed successfully.
Time : Wed Mar 20 01:00:37 2013
Source : MsiInstaller , Event: 11728 Descr: The Following Software Configuration Succeeded Param: Product: Microsoft Office Professional Plus 2010 -- Configuration completed successfully.
Expand Severity Title Port/Service
1
DNS Host Name
QID:
6
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/01/1999
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The fully qualified domain name of this host, if it was obtained from a DNS server, is displayed in the RESULT section.
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
IP address | Host name
152.2.40.197 | m46183.pha.unc.edu
Expand Severity Title Port/Service
1
Firewall Detected
QID:
34011
Category:
Firewall
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
10/16/2001
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
A packet filtering device protecting this IP was detected. This is likely to be a firewall or a router using access control lists (ACLs).
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Some of the ports filtered by the firewall are: 20, 21, 22, 23, 25, 53, 80, 111, 443, 1.

Listed below are the ports filtered by the firewall.
No response has been received when any of these ports is probed.
1-134,136-138,140-444,446-1705,1707-1999,2001-2146,2148-2512,2514-2701,
2703-3388,3390-5630,5632-6128,6130-27598,27600-42423,42425-65535
Expand Severity Title Port/Service
1
Network Adapter MAC Address
QID:
43007
Category:
Hardware
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
11/29/2004
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
It is possible to obtain the MAC address information of the network adapters on the target system. Various sources such as SNMP and NetBIOS provide such information. This vulnerability test attempts to gather and report on this information in a table format.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Method | MAC Address | Vendor
NBTSTAT | 00:15:5D:02:66:13 |
Expand Severity Title Port/Service
1
Processor Information for Windows Target System
QID:
43113
Category:
Hardware
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
06/20/2006
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Processor information for the Windows target host is shown in the Result section.
IMPACT:
n/a
SOLUTION:
n/a
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\System\CurrentControlSet\Control\Session Manager\Environment
PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 45 Stepping 7, GenuineIntel
Expand Severity Title Port/Service
1
Target Network Information
QID:
45004
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
08/15/2013
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The information shown in the Result section was returned by the network infrastructure responsible for routing traffic from our cloud platform to the target network (where the scanner appliance is located).

This information was returned from: 1) the WHOIS service, or 2) the infrastructure provided by the closest gateway server to our cloud platform. If your ISP is routing traffic, your ISP's gateway server returned this information.

IMPACT:
This information can be used by malicious users to gather more information about the network infrastructure that may help in launching attacks against it.
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
The network handle is: UNCCH-NET
Network description:
University of North Carolina at Chapel Hill
Expand Severity Title Port/Service
1
Internet Service Provider
QID:
45005
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
08/15/2013
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The information shown in the Result section was returned by the network infrastructure responsible for routing traffic from our cloud platform to the target network (where the scanner appliance is located).

This information was returned from: 1) the WHOIS service, or 2) the infrastructure provided by the closest gateway server to our cloud platform. If your ISP is routing traffic, your ISP's gateway server returned this information. This information was gathered using the WHOIS service for the network and is believed to be the ISP of the target network.

IMPACT:
This information can be used by malicious users to gather more information about the network infrastructure that may aid in launching further attacks against it.
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
The ISP network handle is: UNCCH-NET
ISP Network description:
University of North Carolina at Chapel Hill
Expand Severity Title Port/Service
1
Traceroute
QID:
45006
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/09/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Traceroute describes the path in realtime from the scanner to the remote host being contacted. It reports the IP addresses of all the routers in between.
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Hops | IP | Round Trip Time | Probe
1 | 152.2.20.1 | 0.48ms | ICMP
2 | 152.19.253.105 | 0.90ms | ICMP
3 | 152.19.255.254 | 1.13ms | ICMP
4 | 152.19.255.210 | 1.14ms | ICMP
5 | 152.2.40.197 | 1.32ms | ICMP
Expand Severity Title Port/Service
1
Virtual Private Networks
QID:
45013
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/01/1999
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
This host allows Virtual Private Network connections to be established from remote VPN clients.
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Port | Service | Description
500 | ISAKMP/IKE | ISAKMP/IKE key exchange for IPsec Virtual Private Network
Expand Severity Title Port/Service
1
VPN Authentications
QID:
45014
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
11/10/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The following authentication policies are supported by the VPN servers on this host:
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Authentication | Description
GSS-API | GSS-API using Kerberos
Expand Severity Title Port/Service
1
IKE Service Implementation Identified
QID:
45018
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
12/23/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The IKE service implementation active on this host can be identified from a remote system using IKE fingerprinting. All IKE service implementations have subtle differences that can be seen in their responses to specially crafted packets. According to the results of this "fingerprinting" technique, the IKE service implementation is among those listed below.

If one or more of these subtle differences is modified by a firewall or a packet filtering device between the scanner and the host, the fingerprinting technique may fail. Consequently, the IKE implementation may not be detected correctly.

IMPACT:
Through acquired knowledge of the IKE implementation, an attacker can launch further attacks against the service or try to bypass it.
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Cisco VPN 3000 Concentrator
Expand Severity Title Port/Service
1
Disabled Accounts Enumerated From SAM Database
QID:
45027
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
10/29/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The Security Accounts Manager holds user and machine account information. The scanner found at least one disabled user or machine account in the SAM database for the target Windows machine. The accounts found are listed in the Results section.
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Disabled User/Machine Accounts:
sop.guest
Expand Severity Title Port/Service
1
Administrator Account's Real Name Found From LSA Enumeration
QID:
45032
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
02/17/2004
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
LSA (Local Security Authority Database) is a protected subsystem that authenticates and logs users onto the local system.

Windows systems by default have the administrator account's name configured as "Administrator". This can very easily be changed to a non-default value (like root, for example) to harden security against password bruteforcing.

LSA, internally, refers to user accounts by what are called RIDs (Relative IDs) instead of the friendlier names (like "Administrator") used only for GUI and display purposes. The administrator account on any Windows system always has a RID of 500, even if the name has been changed.

The scanner probed the LSA for the name that maps to the RID of 500, which is the administrator account name, changed or unchanged. The name is listed in the Result section below.

SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
sop.admin
Expand Severity Title Port/Service
1
Host Scan Time
QID:
45038
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
11/18/2004
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The Host Scan Time is the period of time it takes the scanning engine to perform the vulnerability assessment of a single target host. The Host Scan Time for this host is reported in the Result section below.

The Host Scan Time does not have a direct correlation to the Duration time as displayed in the Report Summary section of a scan results report. The Duration is the period of time it takes the service to perform a scan task. The Duration includes the time it takes the service to scan all hosts, which may involve parallel scanning. It also includes the time it takes for a scanner appliance to pick up the scan task and transfer the results back to the service's Secure Operating Center. Further, when a scan task is distributed across multiple scanners, the Duration includes the time it takes to perform parallel host scanning on all scanners.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Scan duration: 2400 seconds

Start time: Sat, Mar 23 2013, 22:06:12 GMT

End time: Sat, Mar 23 2013, 22:46:12 GMT
Expand Severity Title Port/Service
1
Host Names Found
QID:
45039
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
02/14/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The following host names were discovered for this computer using various methods such as DNS look up, NetBIOS query, and SQL server name query.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Host Name | Source
SOP-TS2.ad.unc.edu | NTLM DNS
m46183.pha.unc.edu | FQDN
SOP-TS2 | NTLM NetBIOS
SOP-TS2 | NetBIOS
Expand Severity Title Port/Service
1
NTFS Settings Enumerated
QID:
45063
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
04/26/2006
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The NTFS settings on the target have been enumerated.
IMPACT:
n/a
SOLUTION:
For information on the significance of some of these settings, see this Microsoft TechNet article and this article published by a third party.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\SYSTEM\CurrentControlSet\Control\Filesystem
NtfsDisable8dot3NameCreation = 1
HKLM\SYSTEM\CurrentControlSet\Control\Filesystem
NtfsDisableLastAccessUpdate = 0
HKLM\SYSTEM\CurrentControlSet\Control\Filesystem
Win31FileSystem = 0
Expand Severity Title Port/Service
1
Sun Java Runtime Environment Installed
QID:
45095
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
10/22/2008
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
This check lists all versions of the Sun Java Runtime Environment (JRE) installed on a Windows system.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
C:\Program Files (x86)\Java\jre6\bin\client\jvm.dll found
HKLM\SOFTWARE\Wow6432Node\JavaSoft\Java Runtime Environment 1.6.0_43
Expand Severity Title Port/Service
1
Interface Names and Assigned IP Address Enumerated from Registry
QID:
45099
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/17/2009
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Interface names and IP addresses assigned to those interfaces are listed for Windows 2000 and later versions of Microsoft Windows Operating system. This test obtains this list by querying the registry database.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Interface: Microsoft Virtual Machine Bus Network Adapter | IP Address: 152.2.40.197
Expand Severity Title Port/Service
1
Java Runtime Environment 1.6 Installed
QID:
45140
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
10/31/2011
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Java Runtime Environment 1.6 is installed on the target machine.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
C:\Program Files (x86)\Java\jre6\bin\client\jvm.dll product version is 6.0.430.1
Expand Severity Title Port/Service
1
Microsoft Windows Management Instrumentation Service (WMI) Is Running
QID:
45183
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
12/04/2012
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Windows Management Instrumentation (WMI) is the infrastructure for management data and operations on Windows-based operating systems.

The target has WMI service installed and running.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
winmgmt = RUNNING
Expand Severity Title Port/Service
1
Windows Authentication Method
QID:
70028
Category:
SMB / NETBIOS
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
12/09/2008
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Windows authentication was performed. The Results section in your detailed results includes a list of authentication credentials used.

The service also attempts to authenticate using common credentials. You should verify that the credentials used for successful authentication were those that were provided in the Windows authentication record. User-provided credentials failed if the discovery method shows "Unable to log in using credentials provided by user, fallback to NULL session". If this is the case, verify that the credentials specified in the Windows authentication record are valid for this host.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
User Name | DOM qualys.scn
Domain | AD
Authentication Scheme | Kerberos
Security | User-based
SMBv1 Signing | Enabled
Discovery Method | Login credentials provided by user
Authentication Record | AD.UNC.EDU Credentials
CIFS Version | SMB v2.1
Expand Severity Title Port/Service
1
Windows Authentication Method for User-Provided Credentials
QID:
70053
Category:
SMB / NETBIOS
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
11/05/2009
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Windows authentication was performed and successful with user-provided credentials. The Results section in your detailed results includes a list of authentication credentials used.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
User Name | DOM qualys.scn
Domain | AD
Authentication Scheme | Kerberos
Security | User-based
SMBv1 Signing | Enabled
Authentication Record | AD.UNC.EDU Credentials
Expand Severity Title Port/Service
1
Open UDP Services List
QID:
82004
Category:
TCP/IP
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
07/11/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
A port scanner was used to draw a map of all the UDP services on this host that can be accessed from the Internet.

Note that if the host is behind a firewall, there is a small chance that the list includes a few ports that are filtered or blocked by the firewall but are not actually open on the target host. This (false positive on UDP open ports) may happen when the firewall is configured to reject UDP packets for most (but not all) ports with an ICMP Port Unreachable packet. This may also happen when the firewall is configured to allow UDP packets for most (but not all) ports through and filter/block/drop UDP packets for only a few ports. Both cases are uncommon.

IMPACT:
Unauthorized users can exploit this information to test vulnerabilities in each of the open services.
SOLUTION:
Shut down any unknown or unused service on the list. If you have difficulty working out which service is provided by which process or program, contact your provider's support team. For more information about commercial and open-source Intrusion Detection Systems available for detecting port scanners of this kind, visit the CERT Web site.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Port | IANA Assigned Ports/Services | Description | Service Detected
137 | netbios-ns | NETBIOS Name Service | netbios ns
500 | isakmp | isakmp | isakmp
Expand Severity Title Port/Service
1
Open TCP Services List
QID:
82023
Category:
TCP/IP
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
06/15/2009
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The port scanner enables unauthorized users with the appropriate tools to draw a map of all services on this host that can be accessed from the Internet. The test was carried out with a "stealth" port scanner so that the server does not log real connections.

The Results section displays the port number (Port), the default service listening on the port (IANA Assigned Ports/Services), the description of the service (Description) and the service that the scanner detected using service discovery (Service Detected).

IMPACT:
Unauthorized users can exploit this information to test vulnerabilities in each of the open services.
SOLUTION:
Shut down any unknown or unused service on the list. If you have difficulty figuring out which service is provided by which process or program, contact your provider's support team. For more information about commercial and open-source Intrusion Detection Systems available for detecting port scanners of this kind, visit the CERT Web site.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Port | IANA Assigned Ports/Services | Description | Service Detected | OS On Redirected Port
135 | msrpc-epmap | epmap DCE endpoint resolution | DCERPC Endpoint Mapper |
139 | netbios-ssn | NETBIOS Session Service | netbios ssn |
445 | microsoft-ds | Microsoft-DS | microsoft-ds |
27599 | unknown | unknown | unknown over ssl |
Severity:
1
Title:
ICMP Replies Received
QID:
82040
Category:
TCP/IP
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/16/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
ICMP (Internet Control and Error Message Protocol) is a protocol encapsulated in IP packets. ICMP's principal purpose is to provide a protocol layer that informs gateways of the inter-connectivity and accessibility of other gateways or hosts.

We have sent the following types of packets to trigger the host to send us ICMP replies:

Echo Request (to trigger Echo Reply)
Timestamp Request (to trigger Timestamp Reply)
Address Mask Request (to trigger Address Mask Reply)
UDP Packet (to trigger Port Unreachable Reply)
IP Packet with Protocol >= 250 (to trigger Protocol Unreachable Reply)

Listed in the "Result" section are the ICMP replies that we have received.

SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
ICMP Reply Type | Triggered By | Additional Information
Echo (type=0 code=0) | Echo Request | Echo Reply
Severity:
1
Title:
NetBIOS Host Name
QID:
82044
Category:
TCP/IP
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/20/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The NetBIOS host name of this computer has been detected.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
SOP-TS2
Severity:
1
Title:
Degree of Randomness of TCP Initial Sequence Numbers
QID:
82045
Category:
TCP/IP
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
11/19/2004
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
TCP Initial Sequence Numbers (ISNs) obtained in the SYNACK replies from the host are analyzed to determine how random they are. The average change between subsequent ISNs and the standard deviation from the average are displayed in the RESULT section. Also included is the degree of difficulty for exploitation of the TCP ISN generation scheme used by the host.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Average change between subsequent TCP initial sequence numbers is 1122317454 with a standard deviation of 599038722. These TCP initial sequence numbers were triggered by TCP SYN probes sent to the host at an average rate of 1/(7006 microseconds). The degree of difficulty to exploit the TCP initial sequence number generation scheme is: hard.
Severity:
1
Title:
IP ID Values Randomness
QID:
82046
Category:
TCP/IP
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
07/27/2006
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The values for the identification (ID) field in IP headers in IP packets from the host are analyzed to determine how random they are. The changes between subsequent ID values for either the network byte ordering or the host byte ordering, whichever is smaller, are displayed in the RESULT section along with the duration taken to send the probes. When incremental values are used, as is the case for TCP/IP implementation in many operating systems, these changes reflect the network load of the host at the time this test was conducted.

Please note that for reliability reasons only the network traffic from open TCP ports is analyzed.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
IP ID changes observed (network order) for port 135: 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 2 2 47 47 47 47 47 47 47 47
Duration: 30 milli seconds
Severity:
1
Title:
NetBIOS Workgroup Name Detected
QID:
82062
Category:
TCP/IP
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
06/02/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The NetBIOS workgroup or domain name for this system has been detected.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
AD
Severity:
1
Title:
Enabled Winlogon CD-ROM Allocation
QID:
90010
Category:
Windows
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
08/28/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The CD-ROM drives are allocated by winlogon.
IMPACT:
Unauthorized users may succeed in executing malicious programs by inserting a CD into the CD-ROM drive.
SOLUTION:
We recommend that CD-ROM allocations be restricted to users who are authenticated, and physically logged in. To set this restriction, locate the following registry key, and then set the REG_SZ 'AllocateCDRoms' entry to '1':

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon AllocateCDRoms = 0
Severity:
1
Title:
Windows CDROM Autorun Enabled
QID:
90012
Category:
Windows
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
02/03/2011
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Autorun is activated on this host. Windows Autorun enables programs located on CDs to be automatically launched when a CD is inserted in the CD-ROM drive.

If Autorun is enabled, the machine is exposed to potential malware risk or even virus infection. Viruses and worms are mostly spread using the Windows AutoRun feature.

In the past, the Sony rootkit issue exploited machines that had Autorun enabled, secretly infecting them with digital rights management software after certain CDs were played. The Downadup/Conficker worm is known to have infected a lot of machines, and the Autoplay functionality has been one of the major attack vectors and propagation methods the worm used to spread.

IMPACT:
If the machine can be accessed physically, then viruses or trojan attack programs can be installed with little difficulty.
SOLUTION:
We recommend that you remove the Autorun functionality. To do this, locate the following registry key, and then set the 'Autorun' entry to '0':

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CDRom

To selectively disable specific Autorun features, change the "NoDriveTypeAutoRun" entry in one of the following registry key subkeys:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\

The value of the NoDriveTypeAutoRun registry entry determines which drive or drives the Autorun functionality will be disabled for. Settings for the NoDriveTypeAutoRun registry entry are listed below:

0x1 = Disables AutoPlay on drives of unknown type
0x4 = Disables AutoPlay on removable drives
0x8 = Disables AutoPlay on fixed drives
0x10 = Disables AutoPlay on network drives
0x20 = Disables AutoPlay on CD-ROM drives
0x40 = Disables AutoPlay on RAM disks
0x80 = Disables AutoPlay on drives of unknown type
0xFF = Disables AutoPlay on all kinds of drives

You may also disable the service by setting the group policy object (GPO):

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun

Detailed steps on disabling the Autorun functionality for different Windows platforms through various methods are available at Microsoft Knowledge Base Articles KB967715 and KB953252.

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\System\CurrentControlSet\Services\CDRom AutoRun = 1
Severity:
1
Title:
Disabled Clear Page File
QID:
90013
Category:
Windows
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
08/28/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Windows does not clear or recreate the page file on this system.
IMPACT:
This vulnerability could pose a threat to security and cause a drop in performance. Sensitive information, such as passwords or usernames, can be retrieved.
SOLUTION:
We recommend forcing Windows to clear the page file when the system shuts down. To do this, locate the following registry key, and then set the REG_SZ key 'ClearPageFileAtShutdown' to '1':

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\System\CurrentControlSet\Control\Session Manager\Memory Management ClearPageFileAtShutdown = 0
Severity:
1
Title:
Possible Log Recording Issues
QID:
90014
Category:
Windows
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
08/28/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The Security Log might stop recording events when it is full.
IMPACT:
When the system's maximum log size is reached, security-related events will no longer be logged. No authorized or unauthorized activity will be recorded.
SOLUTION:
Administrators requiring total visibility of all access attempts may wish to enable the system crash on audit-fail. This will shut down the system until the administrator logs in and purges the event log. To activate this feature, locate the following registry key, and then set the 'CrashOnAuditFail' entry to '1':

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\System\CurrentControlSet\Control\Lsa CrashOnAuditFail = 0
Severity:
1
Title:
Enabled Caching of Dial-up Password Feature
QID:
90015
Category:
Windows
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
08/28/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Windows has a feature that enables the dial-up password to be saved and then be automatically provided during connection attempts. This feature has been activated on this system.
IMPACT:
Windows saves these passwords using very weak encryption. Therefore, unauthorized local users may be able to retrieve passwords without much difficulty.

Since Windows automatically provides the saved dial-up password, unauthorized users with local access to this host can connect and dial the remote host without the password.

SOLUTION:
We recommend that you disable caching of the dial-up password. To do this, locate the following registry key, and then set the REG_DWORD 'DisableSavePassword' entry to '1':

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Rasman\Parameters

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\System\CurrentControlSet\Services\Rasman\Parameters DisableSavePassword is missing.
Severity:
1
Title:
Windows Services List
QID:
90065
Category:
Windows
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
10/31/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The following Windows services were detected.
SOLUTION:
Stop unused services, and set them to "Disabled" in the Windows "Services" Control Panel.
COMPLIANCE:
Type: GLBA
Section: N/A
Description: Identify users who use network services and who require access to necessary service configurations and authentication parameters.

Type: SOX
Section: N/A
Description: Limiting System Services. Identify the following services and server function/usage:
- Identify critical services open on the server (i.e., FTP, Telnet, SSH, SMTP, DNS, Finger, HTTP, POP3, Portmapper, NNTP, Samba, IMAP2, SNMP, HTTPS, NNTPS, IMAPS, POP3S, and MySQL)
- Identify additional uses of the server that may cause vulnerabilities such as remote access methods for administration (i.e., PC Anywhere, radmin, VNC), NETBIOS, SQL Server databases, Terminal Services
- Identify users who use network services and who have access to the necessary service configuration and authentication parameters

EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Name | Status | Description
AeLookupSvc | started | Application Experience
ALG |  | Application Layer Gateway Service
AppIDSvc |  | Application Identity
Appinfo |  | Application Information
AppMgmt |  | Application Management
aspnet_state |  | ASP.NET State Service
AudioEndpointBuilder | started | Windows Audio Endpoint Builder
AudioSrv | started | Windows Audio
BFE | started | Base Filtering Engine
BITS | started | Background Intelligent Transfer Service
Browser |  | Computer Browser
ccEvtMgr | started | Symantec Event Manager
ccSetMgr | started | Symantec Settings Manager
CertPropSvc | started | Certificate Propagation
clr_optimization_v2.0.50727_32 |  | Microsoft .NET Framework NGEN v2.0.50727_X86
clr_optimization_v2.0.50727_64 |  | Microsoft .NET Framework NGEN v2.0.50727_X64
clr_optimization_v4.0.30319_32 |  | Microsoft .NET Framework NGEN v4.0.30319_X86
clr_optimization_v4.0.30319_64 |  | Microsoft .NET Framework NGEN v4.0.30319_X64
COMSysApp |  | COM+ System Application
CryptSvc | started | Cryptographic Services
CscService |  | Offline Files
DcomLaunch | started | DCOM Server Process Launcher
defragsvc |  | Disk Defragmenter
Dhcp | started | DHCP Client
Dnscache | started | DNS Client
dot3svc |  | Wired AutoConfig
DpmCPWrapperService |  | DPM CPWrapper Service
DPMRA |  | DPMRA
DPS | started | Diagnostic Policy Service
EapHost |  | Extensible Authentication Protocol
EFS |  | Encrypting File System (EFS)
eventlog | started | Windows Event Log
EventSystem | started | COM+ Event System
FCRegSvc |  | Microsoft Fibre Channel Platform Registration Service
fdPHost |  | Function Discovery Provider Host
FDResPub |  | Function Discovery Resource Publication
FontCache | started | Windows Font Cache Service
FontCache3.0.0.0 |  | Windows Presentation Foundation Font Cache 3.0.0.0
gpsvc | started | Group Policy Client
hidserv |  | Human Interface Device Access
hkmsvc |  | Health Key and Certificate Management
idsvc |  | Windows CardSpace
IKEEXT | started | IKE and AuthIP IPsec Keying Modules
IPBusEnum |  | PnP-X IP Bus Enumerator
iphlpsvc | started | IP Helper
KeyIso |  | CNG Key Isolation
KtmRm |  | KtmRm for Distributed Transaction Coordinator
LanmanServer | started | Server
LanmanWorkstation | started | Workstation
LiveUpdate |  | LiveUpdate
lltdsvc |  | Link-Layer Topology Discovery Mapper
lmhosts | started | TCP/IP NetBIOS Helper
Microsoft SharePoint Workspace Audit Service |  | Microsoft SharePoint Workspace Audit Service
MMCSS | started | Multimedia Class Scheduler
MpsSvc | started | Windows Firewall
MSDTC | started | Distributed Transaction Coordinator
MSiSCSI |  | Microsoft iSCSI Initiator Service
msiserver |  | Windows Installer
napagent |  | Network Access Protection Agent
Netlogon | started | Netlogon
Netman | started | Network Connections
NetMsmqActivator |  | Net.Msmq Listener Adapter
NetPipeActivator |  | Net.Pipe Listener Adapter
netprofm | started | Network List Service
NetTcpActivator |  | Net.Tcp Listener Adapter
NetTcpPortSharing |  | Net.Tcp Port Sharing Service
NlaSvc | started | Network Location Awareness
nsi | started | Network Store Interface Service
ose |  | Office Source Engine
osppsvc | started | Office Software Protection Platform
PerfHost |  | Performance Counter DLL Host
pla |  | Performance Logs & Alerts
PlugPlay | started | Plug and Play
PolicyAgent | started | IPsec Policy Agent
Power | started | Power
ProfSvc | started | User Profile Service
ProtectedStorage | started | Protected Storage
RasAuto |  | Remote Access Auto Connection Manager
RasMan | started | Remote Access Connection Manager
RemoteAccess |  | Routing and Remote Access
RemoteRegistry | started | Remote Registry
RpcEptMapper | started | RPC Endpoint Mapper
RpcLocator |  | Remote Procedure Call (RPC) Locator
RpcSs | started | Remote Procedure Call (RPC)
RSoPProv |  | Resultant Set of Policy Provider
sacsvr |  | Special Administration Console Helper
SamSs | started | Security Accounts Manager
SCardSvr |  | Smart Card
Schedule | started | Task Scheduler
SCPolicySvc |  | Smart Card Removal Policy
seclogon |  | Secondary Logon
SENS | started | System Event Notification Service
SessionEnv | started | Remote Desktop Configuration
SharedAccess |  | Internet Connection Sharing (ICS)
ShellHWDetection |  | Shell Hardware Detection
SmcService | started | Symantec Management Client
SNAC |  | Symantec Network Access Control
SNMPTRAP |  | SNMP Trap
Spooler | started | Print Spooler
sppsvc |  | Software Protection
sppuinotify |  | SPP Notification Service
SSDPSRV |  | SSDP Discovery
SstpSvc | started | Secure Socket Tunneling Protocol Service
stisvc |  | Windows Image Acquisition (WIA)
swprv |  | Microsoft Software Shadow Copy Provider
Symantec AntiVirus | started | Symantec Endpoint Protection
TabletInputService |  | Tablet PC Input Service
TapiSrv | started | Telephony
TBS |  | TPM Base Services
TermService | started | Remote Desktop Services
Themes | started | Themes
THREADORDER |  | Thread Ordering Server
TrkWks | started | Distributed Link Tracking Client
TrustedInstaller |  | Windows Modules Installer
UI0Detect |  | Interactive Services Detection
UmRdpService | started | Remote Desktop Services UserMode Port Redirector
upnphost |  | UPnP Device Host
UxSms | started | Desktop Window Manager Session Manager
VaultSvc |  | Credential Manager
vds |  | Virtual Disk
vmicheartbeat | started | Hyper-V Heartbeat Service
vmickvpexchange | started | Hyper-V Data Exchange Service
vmicshutdown | started | Hyper-V Guest Shutdown Service
vmictimesync | started | Hyper-V Time Synchronization Service
vmicvss | started | Hyper-V Volume Shadow Copy Requestor
VSS |  | Volume Shadow Copy
W32Time | started | Windows Time
wbengine |  | Block Level Backup Engine Service
WcsPlugInService |  | Windows Color System
WdiServiceHost |  | Diagnostic Service Host
WdiSystemHost |  | Diagnostic System Host
WebClient |  | WebClient
Wecsvc |  | Windows Event Collector
wercplsupport |  | Problem Reports and Solutions Control Panel Support
WerSvc |  | Windows Error Reporting Service
WinDefend | started | Windows Defender
WinHttpAutoProxySvc |  | WinHTTP Web Proxy Auto-Discovery Service
Winmgmt | started | Windows Management Instrumentation
WinRM | started | Windows Remote Management (WS-Management)
wmiApSrv |  | WMI Performance Adapter
WPDBusEnum |  | Portable Device Enumerator Service
wuauserv | started | Windows Update
wudfsvc |  | Windows Driver Foundation - User-mode Driver Framework
Severity:
1
Title:
Windows Drivers List
QID:
90066
Category:
Windows
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
10/31/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The following Windows drivers were detected.
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Name | Status | Description
1394ohci |  | 1394 OHCI Compliant Host Controller
ACPI | started | Microsoft ACPI Driver
AcpiPmi |  | ACPI Power Meter Driver
adp94xx |  | adp94xx
adpahci |  | adpahci
adpu320 |  | adpu320
AFD | started | Ancillary Function Driver for Winsock
agp440 |  | Intel AGP Bus Filter
aliide |  | aliide
amdide |  | amdide
AmdK8 |  | AMD K8 Processor Driver
AmdPPM |  | AMD Processor Driver
amdsata |  | amdsata
amdsbs |  | amdsbs
amdxata | started | amdxata
AppID |  | AppID Driver
arc |  | arc
arcsas |  | arcsas
AsyncMac | started | RAS Asynchronous Media Driver
atapi | started | IDE Channel
b06bdrv |  | Broadcom NetXtreme II VBD
b57nd60a |  | Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0
Beep |  | Beep
blbdrive | started | blbdrive
bowser | started | Browser Support Driver
BrFiltLo |  | Brother USB Mass-Storage Lower Filter Driver
BrFiltUp |  | Brother USB Mass-Storage Upper Filter Driver
Brserid |  | Brother MFC Serial Port Interface Driver (WDM)
BrSerWdm |  | Brother WDM Serial driver
BrUsbMdm |  | Brother MFC USB Fax Only Modem
BrUsbSer |  | Brother MFC USB Serial WDM Driver
cdfs |  | CD/DVD File System Reader
cdrom | started | CD-ROM Driver
CLFS | started | Common Log (CLFS)
CmBatt |  | Microsoft ACPI Control Method Battery Driver
cmdide |  | cmdide
CNG | started | CNG
Compbatt |  | Compbatt
CompositeBus | started | Composite Bus Enumerator Driver
crcdisk |  | Crcdisk Filter Driver
CSC |  | Offline Files Driver
ctxusbm | started | Citrix USB Monitor Driver
DfsC | started | DFS Namespace Client Driver
discache | started | System Attribute Cache
Disk | started | Disk Driver
dmvsc | started | dmvsc
DpmFilter | started | DpmFilter
DXGKrnl |  | LDDM Graphics Subsystem
ebdrv |  | Broadcom NetXtreme II 10 GigE VBD
eeCtrl | started | Symantec Eraser Control driver
elxstor |  | elxstor
EraserUtilRebootDrv | started | EraserUtilRebootDrv
ErrDev |  | Microsoft Hardware Error Device Driver
exfat |  | exFAT File System Driver
fastfat |  | FAT12/16/32 File System Driver
fdc | started | Floppy Disk Controller Driver
FileInfo |  | File Information FS MiniFilter
Filetrace |  | Filetrace
flpydisk | started | Floppy Disk Driver
FltMgr | started | FltMgr
FsDepends |  | File System Dependency Minifilter
gagp30kx |  | Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms
HDAudBus |  | Microsoft UAA Bus Driver for High Definition Audio
HidBatt |  | HID UPS Battery Driver
HidUsb |  | Microsoft HID Class Driver
HpSAMD |  | HpSAMD
HTTP | started | HTTP
hwpolicy | started | Hardware Policy Driver
i8042prt | started | i8042 Keyboard and PS/2 Mouse Port Driver
iaStorV |  | Intel RAID Controller Windows 7
iirsp |  | iirsp
intelide | started | intelide
intelppm | started | Intel Processor Driver
ioatdma |  | Intel(R) QuickData Technology Device
IpFilterDriver |  | IP Traffic Filter Driver
IPMIDRV |  | IPMIDRV
IPNAT |  | IP Network Address Translator
isapnp |  | isapnp
iScsiPrt |  | iScsiPort Driver
kbdclass | started | Keyboard Class Driver
kbdhid |  | Keyboard HID Driver
KSecDD | started | KSecDD
KSecPkg | started | KSecPkg
ksthunk |  | Kernel Streaming Thunks
lltdio | started | Link-Layer Topology Discovery Mapper I/O Driver
LSI_FC |  | LSI_FC
LSI_SAS |  | LSI_SAS
LSI_SAS2 |  | LSI_SAS2
LSI_SCSI |  | LSI_SCSI
luafv | started | UAC File Virtualization
megasas |  | megasas
MegaSR |  | MegaSR
Modem |  | Modem
monitor |  | Microsoft Monitor Class Function Driver Service
mouclass | started | Mouse Class Driver
mouhid | started | Mouse HID Driver
mountmgr | started | Mount Point Manager
mpio |  | mpio
mpsdrv | started | Windows Firewall Authorization Driver
MRxDAV |  | WebDav Client Redirector Driver
mrxsmb | started | SMB MiniRedirector Wrapper and Engine
mrxsmb10 | started | SMB 1.x MiniRedirector
mrxsmb20 | started | SMB 2.0 MiniRedirector
msahci |  | msahci
msdsm |  | msdsm
Msfs | started | Msfs
mshidkmdf |  | Pass-through HID to KMDF Filter Driver
msisadrv | started | msisadrv
MsRPC |  | MsRPC
mssmbios | started | Microsoft System Management BIOS Driver
MTConfig |  | Microsoft Input Configuration Driver
Mup | started | Mup
NAVENG | started | NAVENG
NAVEX15 | started | NAVEX15
NDIS | started | NDIS System Driver
NdisCap |  | NDIS Capture LightWeight Filter
NdisTapi | started | Remote Access NDIS TAPI Driver
Ndisuio |  | NDIS Usermode I/O Protocol
NdisWan | started | Remote Access NDIS WAN Driver
NDProxy | started | NDIS Proxy
NetBIOS | started | NetBIOS Interface
NetBT | started | NetBT
netvsc | started | netvsc
nfrd960 |  | nfrd960
Npfs | started | Npfs
nsiproxy | started | NSI proxy service driver.
Ntfs | started | Ntfs
Null | started | Null
nvraid |  | nvraid
nvstor |  | nvstor
nv_agp |  | NVIDIA nForce AGP Bus Filter
ohci1394 |  | 1394 OHCI Compliant Host Controller (Legacy)
Parport |  | Parallel port driver
partmgr | started | Partition Manager
pci | started | PCI Bus Driver
pciide |  | pciide
pcmcia |  | pcmcia
pcw | started | Performance Counters for Windows Driver
PEAUTH | started | PEAUTH
PptpMiniport | started | WAN Miniport (PPTP)
Processor |  | Processor Driver
Psched | started | QoS Packet Scheduler
ql2300 |  | ql2300
ql40xx |  | ql40xx
RasAcd |  | Remote Access Auto Connection Driver
RasAgileVpn | started | WAN Miniport (IKEv2)
Rasl2tp | started | WAN Miniport (L2TP)
RasPppoe | started | Remote Access PPPOE Driver
RasSstp | started | WAN Miniport (SSTP)
rdbss | started | Redirected Buffering Sub Sysytem
rdpbus | started | Remote Desktop Device Redirector Bus Driver
RDPCDD | started | RDPCDD
RDPDR | started | Terminal Server Device Redirector Driver
RDPENCDD | started | RDP Encoder Mirror Driver
RDPREFMP | started | Reflector Display Driver used to gain access to graphics data
RDPWD | started | RDP Winstation Driver
rspndr | started | Link-Layer Topology Discovery Responder
s3cap | started | s3cap
sacdrv |  | sacdrv
sbp2port |  | sbp2port
scfilter |  | Smart card PnP Class Filter Driver
secdrv | started | Security Driver
Serenum | started | Serenum Filter Driver
Serial | started | Serial port driver
sermouse |  | Serial Mouse Driver
sffdisk |  | SFF Storage Class Driver
sffp_mmc |  | SFF Storage Protocol Driver for MMC
sffp_sd |  | SFF Storage Protocol Driver for SDBus
sfloppy |  | High-Capacity Floppy Disk Drive
SiSRaid2 |  | SiSRaid2
SiSRaid4 |  | SiSRaid4
Smb |  | Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session)
spldr | started | Security Processor Loader Driver
SRTSP | started | SRTSP
SRTSPL |  | SRTSPL
SRTSPX | started | SRTSPX
srv | started | Server SMB 1.xxx Driver
srv2 | started | Server SMB 2.xxx Driver
srvnet | started | srvnet
stexstor |  | stexstor
storflt | started | Disk Virtual Machine Bus Acceleration Filter Driver
storvsc | started | storvsc
storvsp |  | storvsp
swenum | started | Software Bus Driver
SymEvent | started | SymEvent
SynthVid | started | SynthVid
Tcpip | started | TCP/IP Protocol Driver
TCPIP6 |  | Microsoft IPv6 Protocol Driver
tcpipreg | started | TCP/IP Registry Compatibility
TDPIPE |  | TDPIPE
TDTCP | started | TDTCP
tdx | started | NetIO Legacy TDI Support Driver
TermDD | started | Terminal Device Driver
tssecsrv | started | Remote Desktop Services Security Filter Driver
TsUsbFlt |  | TsUsbFlt
TsUsbGD |  | Remote Desktop Generic USB Device
tunnel |  | Microsoft Tunnel Miniport Adapter Driver
uagp35 |  | Microsoft AGPv3.5 Filter
udfs |  | udfs
uliagpkx |  | Uli AGP Bus Filter
umbus | started | UMBus Enumerator Driver
UmPass |  | Microsoft UMPass Driver
usbccgp |  | Microsoft USB Generic Parent Driver
usbehci |  | Microsoft USB 2.0 Enhanced Host Controller Miniport Driver
usbhub |  | Microsoft USB Standard Hub Driver
usbohci |  | Microsoft USB Open Host Controller Miniport Driver
usbprint |  | Microsoft USB PRINTER Class
USBSTOR |  | USB Mass Storage Driver
usbuhci |  | Microsoft USB Universal Host Controller Miniport Driver
vdrvroot | started | Microsoft Virtual Drive Enumerator Driver
vga |  | vga
VgaSave | started | VgaSave
vhdmp |  | vhdmp
viaide |  | viaide
Vid |  | Vid
vmbus | started | Virtual Machine Bus
VMBusHID | started | VMBusHID
volmgr | started | Volume Manager Driver
volmgrx | started | Dynamic Volume Manager
volsnap | started | Storage volumes
vsmraid |  | vsmraid
WacomPen |  | Wacom Serial Pen HID Driver
WANARP |  | Remote Access IP ARP Driver
Wanarpv6 | started | Remote Access IPv6 ARP Driver
Wd |  | Wd
Wdf01000 | started | Kernel Mode Driver Frameworks service
WfpLwf | started | WFP Lightweight Filter
WIMMount |  | WIMMount
WmiAcpi |  | Microsoft Windows Management Interface for ACPI
ws2ifsl |  | Winsock IFS Driver
WudfPf |  | User Mode Driver Frameworks Platform Driver
Severity:
1
Title:
Windows Product Type
QID:
90107
Category:
Windows
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
09/13/2007
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The results below identify which type of Windows product is installed:
- If ProductType is "Winnt", the host is running Windows Workstation.
- If ProductType is "Servernt", the host is running Windows Server.
- If ProductType is "Lanmannt", the host is running Windows Advanced Server.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\Software\Microsoft\Windows NT\CurrentVersion
CurrentVersion=6.1
ProductName=Windows Server 2008 R2 Enterprise
HKLM\SYSTEM\currentControlSet\Control\ProductOptions
ProductSuite={"Enterprise", "Terminal Server"}
ProductType=ServerNT
Severity:
1
Title:
Windows Registry Key Access Denied
QID:
90195
Category:
Windows
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/24/2009
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Remote access to the following registry keys has been denied. Access to the Registry named pipe was successful, but remote access to the Registry keys in the Result section has been denied.
IMPACT:
Vulnerabilities that require registry key access may not have been detected during the scan. This QID can be used to debug authentication and permission issues with other QIDs. This QID is not a direct indication of problems or missing patches on the target system.
SOLUTION:
See the permissions assigned to the provided user authentication credentials. On Windows XP Professional use Classic for local network logins (default is Guest only, which prohibits Registry access). This may be set at Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\Properties\
HKLM\System\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties\
HKLM\System\CurrentControlSet\Control\Class\{4D36E96C-E325-11CE-BFC1-08002BE10318}\Properties\
HKLM\System\CurrentControlSet\Control\Class\{4D36E978-E325-11CE-BFC1-08002BE10318}\Properties\
HKLM\System\CurrentControlSet\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties\
HKLM\System\CurrentControlSet\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\Properties\
HKLM\System\CurrentControlSet\Control\Class\{4D36E96F-E325-11CE-BFC1-08002BE10318}\Properties\
HKLM\System\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\Properties\
Severity:
1
Title:
Windows Internet Explorer Version
QID:
90295
Category:
Windows
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/27/2013
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The Windows Internet Explorer version is shown.
IMPACT:
n/a
SOLUTION:
n/a
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\SOFTWARE\Microsoft\Internet Explorer
Version = 9.0.8112.16421
Severity:
1
Title:
Access to File Share is Enabled
QID:
90331
Category:
Windows
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
07/18/2006
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The purpose of this QID is to indicate that access to the file share on the target host has been enabled. While the overwhelming majority of checks for Microsoft Windows and other Microsoft products rely simply on registry access via the winreg named pipe, checks for several third party products rely on file version checks which require file share access. This QID is posted if ntoskrnl.exe, which is found on all Windows systems, is detected on the target host.
IMPACT:
n/a
SOLUTION:
n/a
COMPLIANCE:
Type: CobIT
Section: DS5.4
Description: User Account Management: Ensure that requesting, establishing, issuing, suspending, modifying and closing user accounts and related user privileges are addressed by user account management. An approval procedure outlining the data or system owner granting the access privileges should be included. These procedures should apply for all users, including administrators (privileged users), internal and external users, for normal and emergency cases. Rights and obligations relative to access to enterprise systems and information are contractually arranged for all types of users. Perform regular management review of all accounts and related privileges.

Type: SOX
Section: N/A
Description: User Access Management Granting resource access, user ID and password requirements, individual accountability, limited utilization of native administrative IDs, non-employee user ID expiration, reporting employee and contractor status changes. Operating System Access Control Password enforcement, logon information, password display and printing, required password changes, vendor default passwords, security changes after system compromise, systems software utility usage, automatic log off. Password Management Procedures exist that ensure the confidentiality and protection of passwords through secure password creation and distribution mechanisms, the enforcement and adherence to acceptable password standards, and the regular changing of passwords.

EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
%SystemRoot%\system32\ntoskrnl.exe found
1
BITS running on target
QID:
90346
Category:
Windows
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
08/22/2006
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The background intelligent transfer service was found running on the target. BITS transfers files in the background using idle network bandwidth.
IMPACT:
If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
BITS = RUNNING
1
Windows File Access Denied
QID:
90399
Category:
Windows
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
08/02/2007
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Remote access to the following files has been denied. Access to the share was successful, but remote access to the files in the Result section has been denied.
IMPACT:
Vulnerabilities that require file access may not have been detected during the scan.
SOLUTION:
See the permissions assigned to the provided user authentication credentials, and ensure that the credentials provide read access to the boot share. On Windows XP Professional use Classic for local network logins (default is Guest only, which prohibits file access). Using the Group Policy editor, this may be set at Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
File path                     Error code
C:\Documents And Settings     C0000022
C:\Users\Default User         C0000022
C:\Users\All Users            8000002D
1
Microsoft Internet Explorer 9.x Installed
QID:
100108
Category:
Internet Explorer
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
09/02/2011
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Microsoft Internet Explorer 9 installed on the target machine.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\Software\Microsoft\Internet Explorer Version = 9.0.8112.16421
1
Windows Registry Access Level
QID:
105025
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/09/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The scanner can access these registry keys, which are important for performing patch verification.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg\AllowedPaths
Machine = Software\Microsoft\Windows NT\CurrentVersion\Print,Software\Microsoft\Windows NT\CurrentVersion\Windows,System\CurrentControlSet\Control\Print\Printers,System\CurrentControlSet\Services\Eventlog,Software\Microsoft\OLAP Server,System\CurrentControlSet\Control\ContentIndex,System\CurrentControlSet\Control\Terminal Server,System\CurrentControlSet\Control\Terminal Server\UserConfig,System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration,Software\Microsoft\Windows NT\CurrentVersion\Perflib,System\CurrentControlSet\Services\SysmonLog
1
Microsoft Windows System Hardware Enumeration, CPU
QID:
105054
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
10/27/2004
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The Windows system CPU information for this host is enumerated.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Identifier=Intel64 Family 6 Model 45 Stepping 7
ProcessorNameString=Intel(R) Xeon(R) CPU E5-2620 0 @ 2.00GHz
VendorIdentifier=GenuineIntel
~MHz=1999
1
Microsoft Windows System Hardware Enumeration, IDE Controllers
QID:
105055
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
10/22/2004
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Information about the IDE controllers on this system is enumerated.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\SYSTEM\CurrentControlSet\Enum\pci\VEN_8086&DEV_7111&SUBSYS_00000000&REV_01\3&267a616a&1&39\Control{4d36e96a-e325-11ce-bfc1-08002be10318}\0000
Dev:@mshdc.inf, %pci\ven_8086&dev_7111.devicedesc%;Intel(R) 82371AB/EB PCI Bus Master IDE Controller
Manufacturer:@mshdc.inf, %intel%;Intel
Service:intelide
Driver Instance:{4d36e96a-e325-11ce-bfc1-08002be10318}\0000
Driver Description:Intel(R) 82371AB/EB PCI Bus Master IDE Controller
Driver_Date:6-21-2006
Driver_Version:6.1.7601.17514
1
Microsoft Windows System Hardware Enumeration, Input Devices
QID:
105058
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
10/25/2004
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Keyboard and pointing device details of this Windows system are enumerated. Information about your keyboard, pointing device ("mouse"), and other input devices is provided.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\SYSTEM\CurrentControlSet\Enum\ACPI\PNP0F03\4&30998706&0\Control{4d36e96f-e325-11ce-bfc1-08002be10318}\0000
Dev:@msmouse.inf, %*pnp0f03.devicedesc%;Microsoft PS/2 Mouse
Manufacturer:@msmouse.inf, %msmfg%;Microsoft
Service:i8042prt
Driver Instance:{4d36e96f-e325-11ce-bfc1-08002be10318}\0000
Driver Description:Microsoft PS/2 Mouse
Driver_Date:6-21-2006
Driver_Version:6.1.7600.16385
HKLM\SYSTEM\CurrentControlSet\Enum\ACPI\PNP0303\4&30998706&0\Control{4d36e96b-e325-11ce-bfc1-08002be10318}\0000
Dev:@keyboard.inf, %*pnp0303.devicedesc%;StandardPS/2Keyboard
Manufacturer:@keyboard.inf, %std-keyboards%;(Standardkeyboards)
Service:i8042prt
DriverInstance:{4d36e96b-e325-11ce-bfc1-08002be10318}\0000
DriverDescription:StandardPS/2Keyboard
Driver Date:6-21-2006
Driver Version:6.1.7601.17514
1
Microsoft Windows System Hardware Enumeration, Networking Components
QID:
105059
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
09/23/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The network components are enumerated and information presented in three subcategories: Adapter, Protocol, and WinSock. These subcategories display information about the network adapters, protocols, and WinSock settings on the host system. Support engineers and network administrators can use this information to verify network configurations.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\SYSTEM\CurrentControlSet\Enum\sw\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\Control{4d36e972-e325-11ce-bfc1-08002be10318}\0011
Dev:@netrasa.inf, %mp-asyncmac-dispname%;RAS Async Adapter
Manufacturer:@netrasa.inf, %msft%;Microsoft
Service:AsyncMac
Driver Instance:{4d36e972-e325-11ce-bfc1-08002be10318}\0011
Driver Description:RAS Async Adapter
Driver_Date:6-21-2006
Driver_Version:6.1.7601.17514
1
Microsoft Windows System Hardware Enumeration: Serial, Parallel and USB Device Drivers
QID:
105060
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
10/08/2007
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Information about universal serial bus (USB) device drivers and controllers on this computer is enumerated. The Device column lists each installed USB device driver, and the PNP Device ID column lists the ID for the device.

For serial ports and parallel ports, this information is provided: name, status, I/O port (the communication channel among hardware devices installed on the computer), IRQ channel, and driver.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\SYSTEM\CurrentControlSet\Enum\ACPI\PNP0501\1\Control{4d36e978-e325-11ce-bfc1-08002be10318}\0000
Dev:@msports.inf, %*pnp0501.devicedesc%;Communications Port
Manufacturer:@msports.inf, %std%;(Standard port types)
Service:Serial
Driver Instance:{4d36e978-e325-11ce-bfc1-08002be10318}\0000
Driver Description:Communications Port
Driver_Date:6-21-2006
Driver_Version:6.1.7600.16385
HKLM\SYSTEM\CurrentControlSet\Enum\ACPI\PNP0501\2\Control{4d36e978-e325-11ce-bfc1-08002be10318}\0001
Dev:@msports.inf, %*pnp0501.devicedesc%;Communications Port
Manufacturer:@msports.inf, %std%;(Standard port types)
Service:Serial
Driver Instance:{4d36e978-e325-11ce-bfc1-08002be10318}\0001
Driver Description:Communications Port
Driver_Date:6-21-2006
Driver_Version:6.1.7600.16385
1
Microsoft Windows Audit Settings Enumerated From LSA
QID:
105063
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
08/09/2006
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The account audit configuration is enumerated. The audit settings are:
Audit System Events
Audit Logon Events
Audit Object Access
Audit Privilege Use
Audit Process Tracking
Audit Policy Change
Audit Account Management
Audit Directory Service Access
Audit Account Logon

You should specify an administrator privileged user in the "Windows Authentication Record" preferences of QualysGuard for this detection to be successful.

IMPACT:
N/A
SOLUTION:
It is advised to log at least the logon events as a best practice.

Use the MMC snapin "Administrative Tools" - "Local Security Policy" to change the settings. These options are listed under "Local Policy" - "Audit Policy".

COMPLIANCE:
Type: CobIT
Section: N/A
Description: The IT Management Official (or Technology Architecture Manager) ensures audit trail/system upgrade histories are stored in a secure location with update/delete access granted on a strict business need only basis to technology support personnel.

Type: HIPAA
Section: 164.308(a)(5)(ii)(C)
Description: Log-In Monitoring Procedures for monitoring log-in attempts and reporting discrepancies.

Type: SOX
Section: N/A
Description: Event capture/violation logging is enabled at the operating system to record the following: - All significant security relevant events including, but not limited to, invalid password guessing attempts, failed attempts to use privileges or resources that are not authorized - All user ID creation, deletion, and privilege change activity performed by system administrators and others with privileged user IDs

EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Audit system events               Success, Failure
Audit logon events                No Auditing
Audit object access               No Auditing
Audit privilege use               No Auditing
Audit process tracking            No Auditing
Audit policy change               No Auditing
Audit account management          No Auditing
Audit directory service access    No Auditing
Audit account logon events        No Auditing
1
File Access Permissions for Regedt32.exe
QID:
105141
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/28/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The Registry Editors allow administrators and applications to tweak the system. Malicious users with unauthorized access could compromise the system or gather sensitive information about it from the registry. Access to registry editors should be limited to only the authorized administrative users. The permissions for the target's regedt32.exe registry editor binaries are listed in the Result section below.
IMPACT:
N/A
SOLUTION:
Verify that only legitimate administrative, authorized users have access to the registry editors.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
%windir%\system32\regedt32.exe Administrators 544 access_allowed synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
%windir%\system32\regedt32.exe SYSTEM 18 access_allowed synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
%windir%\system32\regedt32.exe Users 545 access_allowed synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
1
File Access Permissions for Regedit.exe
QID:
105154
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/25/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The Registry Editors allow administrators and applications to tweak the system. Malicious users with unauthorized access could compromise the system or gather sensitive information about it from the registry. Access to registry editors should be limited to only the authorized administrative users. The permissions for the host's registry editor binary "regedit.exe" are listed in the Result section below.
IMPACT:
N/A
SOLUTION:
Verify that only legitimate administrative, authorized users have access to the registry editors.
COMPLIANCE:
Type: CobIT
Section: DS5.4
Description: User Account Management Ensure that requesting, establishing, issuing, suspending, modifying and closing user accounts and related user privileges are addressed by user account management. An approval procedure outlining the data or system owner granting the access privileges should be included. These procedures should apply for all users, including administrators (privileged users), internal and external users, for normal and emergency cases. Rights and obligations relative to access to enterprise systems and information are contractually arranged for all types of users. Perform regular management review of all accounts and related privileges.

EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
%windir%\regedit.exe Administrators 544 access_allowed synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
%windir%\regedit.exe SYSTEM 18 access_allowed synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
%windir%\regedit.exe Users 545 access_allowed synchronize generic_write delete_child generic_all generic_execute write_attributes read_extended_attributes execute append_data read_data standard_read standard_delete write_data read_attributes write_extended_attributes generic_read standard_write_dac standard_write_owner
1
Microsoft Windows System EventLog Policy Parameters
QID:
105165
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
04/18/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
This reports the EventLog parameters for the System database that are of interest to compliance audits. These configurations exist under this registry subkey:

HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\System

RestrictGuestAccess - Setting this to 1 prevents guests and anonymous user accounts from having read access to the System EventLog.

MaxSize - This value specifies the maximum size limit for the System EventLog database.

Retention - This value specifies the overwrite behavior for the System EventLog. 0 means overwrite as needed. 0xffffffff means do not overwrite events, and other values specify number of days that eventlog entries are preserved before overwriting.

IMPACT:
N/A
SOLUTION:
Configure the System EventLog by changing the registry values to appropriate values, or use the EventViewer GUI to change the parameters.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\SYSTEM\CurrentControlSet\Services\EventLog\System
MaxSize=33554432
Retention=0
RestrictGuestAccess=1
1
Microsoft Windows Application EventLog Policy Parameters
QID:
105166
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
04/18/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
This reports the EventLog parameters for the System database that are of interest to compliance audits. These configurations exist under this registry subkey:

HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application

RestrictGuestAccess - Setting this to 1 prevents guests and anonymous user accounts from having read access to the Application EventLog database.

MaxSize - This value specifies the maximum size limit for the Application EventLog database.

Retention - This value specifies the overwrite behavior for the Application EventLog. 0 means overwrite as needed. 0xffffffff means do not overwrite events, and other values specify the number of days of eventlog entries that are preserved before overwriting.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Type: CobIT
Section: DS5.4
Description: User Account Management Ensure that requesting, establishing, issuing, suspending, modifying and closing user accounts and related user privileges are addressed by user account management. An approval procedure outlining the data or system owner granting the access privileges should be included. These procedures should apply for all users, including administrators (privileged users), internal and external users, for normal and emergency cases. Rights and obligations relative to access to enterprise systems and information are contractually arranged for all types of users. Perform regular management review of all accounts and related privileges.

EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
MaxSize=33554432
Retention=0
RestrictGuestAccess=1
1
Microsoft Windows Security EventLog Policy Parameters
QID:
105167
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
04/07/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
This reports the EventLog parameters for the Security database that are of interest to compliance audits. These configurations exist under this registry subkey:
HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security

RestrictGuestAccess - Setting this to 1 prevents guests and anonymous user accounts from having read access to the Security EventLog.

MaxSize - This value specifies the maximum size limit for the Security EventLog database.

Retention - This value specifies the overwrite behavior for the Security EventLog. 0 means overwrite as needed. 0xffffffff means do not overwrite events, and other values specify the number of days of eventlog entries that are preserved before overwriting.

IMPACT:
N/A
SOLUTION:
Configure the Security Eventlog by changing the registry values to appropriate values or use the EventViewer GUI to change the parameters.
COMPLIANCE:
Type: CobIT
Section: DS5.4
Description: User Account Management Ensure that requesting, establishing, issuing, suspending, modifying and closing user accounts and related user privileges are addressed by user account management. An approval procedure outlining the data or system owner granting the access privileges should be included. These procedures should apply for all users, including administrators (privileged users), internal and external users, for normal and emergency cases. Rights and obligations relative to access to enterprise systems and information are contractually arranged for all types of users. Perform regular management review of all accounts and related privileges.

EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Security
MaxSize=1073741824
Retention=0
RestrictGuestAccess=1
1
Message For Users Attempting To Logon To Windows System
QID:
105179
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
04/20/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Windows has a log-on notice setting that allows administrators to display a legal notice prior to users logging in. This check tests to see if the legal log-on notice is set at the target and enumerates the current value.
IMPACT:
This notice is used to ensure that sensitive systems are only accessed by authorized personnel.
SOLUTION:
The legal text can be added through the local security policy GUI or through the following registry values under the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

LegalNoticeCaption (REG_SZ) and LegalNoticeText (REG_SZ)

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon
LegalNoticeCaption =
LegalNoticeText =
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System
legalnoticecaption = UNAUTHORIZED ACCESS TO THIS SYSTEM IS PROHIBITED
legalnoticetext = The University of North Carolina at Chapel Hill
Unauthorized access to this system is prohibited!
This is a University system intended for University purposes only. The University reserves the right to monitor the use of this system as required to ensure its stability, availability, and security.
Please report any problems to help@unc.edu, or 962-HELP, or go to http://help.unc.edu and click on the request help button to submit a help request.
Expand Severity Title Port/Service
1
Group Policy Objects Processed By SecCli are Enumerated from History Log
QID:
105238
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
09/26/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The group policy objects that are processed by the policy SecCli extension agent are enumerated. SecCli processes the security policy options set using the group policy editor MMC console.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
GPO Installed by Policy Agent - HKLM\Software\Microsoft\Windows\CurrentVersion\Group Policy\History\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}
Entry: 0
DisplayName: Local Group Policy
DSPath: LocalGPO
GPOName: Local Group Policy
Link: Local
Entry: 1
DisplayName: Domain_Domain Policy-Common
DSPath: LDAP://CN=Machine,cn={A7A40BA4-38F7-4C01-B2B6-9EA2033A2297},cn=policies,cn=system,DC=ad,DC=unc,DC=edu
GPOName: {A7A40BA4-38F7-4C01-B2B6-9EA2033A2297}
Link: LDAP://DC=ad,DC=unc,DC=edu
Entry: 10
DisplayName: Common_Member Server Baseline Policy (SSLF)-Win2008
DSPath: LDAP://CN=Machine,cn={282C31D7-624E-42EC-8C60-83E424A04FF5},cn=policies,cn=system,DC=ad,DC=unc,DC=edu
GPOName: {282C31D7-624E-42EC-8C60-83E424A04FF5}
Link: LDAP://OU=Servers,OU=SOP,OU=UNC,DC=ad,DC=unc,DC=edu
Entry: 11
DisplayName: SOP_TS Servers
DSPath: LDAP://CN=Machine,cn={519B7BDE-C9F7-4B2A-84C0-4A2D8C5640AD},cn=policies,cn=system,DC=ad,DC=unc,DC=edu
GPOName: {519B7BDE-C9F7-4B2A-84C0-4A2D8C5640AD}
Link: LDAP://OU=Servers,OU=SOP,OU=UNC,DC=ad,DC=unc,DC=edu
Entry: 12
DisplayName: SOP_Servers Policy
DSPath: LDAP://CN=Machine,cn={57D89017-E987-4715-86F9-38DB3D126957},cn=policies,cn=system,DC=ad,DC=unc,DC=edu
GPOName: {57D89017-E987-4715-86F9-38DB3D126957}
Link: LDAP://OU=Servers,OU=SOP,OU=UNC,DC=ad,DC=unc,DC=edu
Entry: 13
DisplayName: SOP_Data Protection Manager Policy
DSPath: LDAP://CN=Machine,cn={61F12052-4703-4313-8CC9-796789A62456},cn=policies,cn=system,DC=ad,DC=unc,DC=edu
GPOName: {61F12052-4703-4313-8CC9-796789A62456}
Link: LDAP://OU=VMHOST,OU=Servers,OU=SOP,OU=UNC,DC=ad,DC=unc,DC=edu
Entry: 14
DisplayName: SOP_VMHOST IPSec Isolation DMZ Policy
DSPath: LDAP://CN=Machine,cn={846166A8-74AF-444C-BE3E-7B854BC88965},cn=policies,cn=system,DC=ad,DC=unc,DC=edu
GPOName: {846166A8-74AF-444C-BE3E-7B854BC88965}
Link: LDAP://OU=VMHOST,OU=Servers,OU=SOP,OU=UNC,DC=ad,DC=unc,DC=edu
Entry: 15
DisplayName: SOP_VMHOST IPSec Exemption UNC Policy
DSPath: LDAP://CN=Machine,cn={8F035AE6-0724-40B9-8186-A5F90D8CC759},cn=policies,cn=system,DC=ad,DC=unc,DC=edu
GPOName: {8F035AE6-0724-40B9-8186-A5F90D8CC759}
Link: LDAP://OU=VMHOST,OU=Servers,OU=SOP,OU=UNC,DC=ad,DC=unc,DC=edu
Entry: 16
DisplayName: SOP_VMHOST IPSec Exemption Base Policy
DSPath: LDAP://CN=Machine,cn={83A0AD4C-E137-4AA8-8EF5-71499C6934F7},cn=policies,cn=system,DC=ad,DC=unc,DC=edu
GPOName: {83A0AD4C-E137-4AA8-8EF5-71499C6934F7}
Link: LDAP://OU=VMHOST,OU=Servers,OU=SOP,OU=UNC,DC=ad,DC=unc,DC=edu
Entry: 17
DisplayName: SOP_Server Office Activation Settings Policy
DSPath: LDAP://CN=Machine,cn={9F69C578-5B67-4667-BF3A-032DB77AE776},cn=policies,cn=system,DC=ad,DC=unc,DC=edu
GPOName: {9F69C578-5B67-4667-BF3A-032DB77AE776}
Link: LDAP://OU=TS,OU=VMHOST,OU=Servers,OU=SOP,OU=UNC,DC=ad,DC=unc,DC=edu
Entry: 18
DisplayName: SOP_TS2
DSPath: LDAP://CN=Machine,cn={734C9955-941A-4B60-80A7-27578EDD9050},cn=policies,cn=system,DC=ad,DC=unc,DC=edu
GPOName: {734C9955-941A-4B60-80A7-27578EDD9050}
Link: LDAP://OU=TS2,OU=TS,OU=VMHOST,OU=Servers,OU=SOP,OU=UNC,DC=ad,DC=unc,DC=edu
Entry: 19
DisplayName: SOP_Strict Firewall Policy
DSPath: LDAP://CN=Machine,cn={E56AB62D-932B-4FDB-82AE-4CBE8CEC3081},cn=policies,cn=system,DC=ad,DC=unc,DC=edu
GPOName: {E56AB62D-932B-4FDB-82AE-4CBE8CEC3081}
Link: LDAP://OU=TS2,OU=TS,OU=VMHOST,OU=Servers,OU=SOP,OU=UNC,DC=ad,DC=unc,DC=edu
Entry: 2
DisplayName: Domain_Domain Policy-7/2008 R2
DSPath: LDAP://CN=Machine,cn={06A0D02D-F78E-49A0-914A-708F1B122CCF},cn=policies,cn=system,DC=ad,DC=unc,DC=edu
GPOName: {06A0D02D-F78E-49A0-914A-708F1B122CCF}
Link: LDAP://DC=ad,DC=unc,DC=edu
Entry: 20
DisplayName: SOP_RDCSH Trusted Servers Policy
DSPath: LDAP://CN=Machine,cn={01EE6ECC-97DE-4D66-B2C7-FED02691FF8A},cn=policies,cn=system,DC=ad,DC=unc,DC=edu
GPOName: {01EE6ECC-97DE-4D66-B2C7-FED02691FF8A}
Link: LDAP://OU=TS2,OU=TS,OU=VMHOST,OU=Servers,OU=SOP,OU=UNC,DC=ad,DC=unc,DC=edu
Entry: 3
DisplayName: Domain_WSUS Policy
DSPath: LDAP://CN=Machine,cn={DF283970-2C6B-4A1E-B160-07265FEB083A},cn=policies,cn=system,DC=ad,DC=unc,DC=edu
GPOName: {DF283970-2C6B-4A1E-B160-07265FEB083A}
Link: LDAP://DC=ad,DC=unc,DC=edu
Entry: 4
DisplayName: Domain_Qualys Authenticated Security Scan Policy
DSPath: LDAP://CN=Machine,cn={C5944470-A5BD-49E5-BF78-ED95851C657A},cn=policies,cn=system,DC=ad,DC=unc,DC=edu
GPOName: {C5944470-A5BD-49E5-BF78-ED95851C657A}
Link: LDAP://DC=ad,DC=unc,DC=edu
Entry: 5
DisplayName: Domain_Computer Client Certificate Enrollment Policy
DSPath: LDAP://CN=Machine,cn={B7FCF05F-36E4-4BD7-B505-968BDC047977},cn=policies,cn=system,DC=ad,DC=unc,DC=edu
GPOName: {B7FCF05F-36E4-4BD7-B505-968BDC047977}
Link: LDAP://OU=UNC,DC=ad,DC=unc,DC=edu
Entry: 6
DisplayName: UNC_Disable Skype Super Nodes
DSPath: LDAP://CN=Machine,cn={29B24245-69A6-4166-B230-20261CBFDC89},cn=policies,cn=system,DC=ad,DC=unc,DC=edu
GPOName: {29B24245-69A6-4166-B230-20261CBFDC89}
Link: LDAP://OU=UNC,DC=ad,DC=unc,DC=edu
Entry: 7
DisplayName: UNC_Security Zones Exceptions Policy
DSPath: LDAP://CN=Machine,cn={078B9578-D057-400B-A3EC-63EA37635809},cn=policies,cn=system,DC=ad,DC=unc,DC=edu
GPOName: {078B9578-D057-400B-A3EC-63EA37635809}
Link: LDAP://OU=UNC,DC=ad,DC=unc,DC=edu
Entry: 8
DisplayName: UNC_Software Restrictions Policy-A
DSPath: LDAP://CN=Machine,cn={9CB697C1-C5EC-460B-A466-09F6CEED5D23},cn=policies,cn=system,DC=ad,DC=unc,DC=edu
GPOName: {9CB697C1-C5EC-460B-A466-09F6CEED5D23}
Link: LDAP://OU=UNC,DC=ad,DC=unc,DC=edu
Entry: 9
DisplayName: SOP_OU Policy
DSPath: LDAP://CN=Machine,cn={19732FEB-83C8-4E30-96FD-83008F5FB788},cn=policies,cn=system,DC=ad,DC=unc,DC=edu
GPOName: {19732FEB-83C8-4E30-96FD-83008F5FB788}
Link: LDAP://OU=SOP,OU=UNC,DC=ad,DC=unc,DC=edu
Expand Severity Title Port/Service
1
Windows Builtin User Group Membership Audit - Backup Operators
QID:
105239
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
11/11/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The members of the Backup Operators Group are enumerated. It is essential to make sure unauthorized users are not part of this builtin group.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Backup Operators No members in this group
Expand Severity Title Port/Service
1
Windows Builtin User Group Membership Audit - Replicator
QID:
105240
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
11/11/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
User accounts that are members of the Replicator Group are enumerated from the target host.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Replicator No members in this group
Expand Severity Title Port/Service
1
Windows Builtin User Group Membership Audit - Network Configuration Operators
QID:
105241
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
11/11/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The user accounts that are members of the Network Configuration Operators group are enumerated.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Network Configuration Operators No members in this group
Expand Severity Title Port/Service
1
IPSEC Policy Agent Service Status Detected
QID:
105256
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
11/28/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The status of IPSEC Policy Agent Service at the target Windows machine is enumerated.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
PolicyAgent = RUNNING
Expand Severity Title Port/Service
1
ActiveX Controls Enumerated
QID:
105276
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
12/15/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The ActiveX controls from the target Microsoft Windows system are enumerated.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Control: {04a1e553-fe36-4fde-865e-344194e69424} DisplayName: Microsoft InkPicture Control Version: 1.0
Control: {0556E0C2-6940-457a-A3D5-6BB7F4C2288F} DisplayName: DataModel Class Version: 9.2
Expand Severity Title Port/Service
1
Internet Explorer Search Companion Setting
QID:
105291
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
02/14/2006
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Search Companion settings for users are enumerated from the target Microsoft Windows machine. Search Companion is a feature integrated into Internet Explorer that allows Internet searches for files using a web service hosted by Microsoft.
IMPACT:
N/A
SOLUTION:
Search Companion can be disabled using the Internet Explorer GUI.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
KEY: Software\Microsoft\Internet Explorer\Main  Use Search Asst
Local_System  Last Change: value_missing_Q
Local_Service  Last Change: value_missing_Q
Network_Service  Last Change: value_missing_Q
Domain_Administrator  Last Change: value_missing_Q
AD\linhong  Last Change: value_missing_Q
AD\raden  Last Change: value_missing_Q
AD\sop_cdfreema.adm  Last Change: value_missing_Q
AD\sayner  Last Change: value_missing_Q
AD\mcinty  Last Change: value_missing_Q
AD\slota  Last Change: value_missing_Q
AD\cquach  Last Change: value_missing_Q
AD\awr  Last Change: value_missing_Q
AD\slewis7  Last Change: value_missing_Q
AD\dombekdm  Last Change: value_missing_Q
AD\gangfang  Last Change: value_missing_Q
AD\oramsc  Last Change: value_missing_Q
AD\sop_dombekdm.adm  Last Change: value_missing_Q
AD\overmar  Last Change: value_missing_Q
AD\moorehn  Last Change: value_missing_Q
AD\mborse  Last Change: value_missing_Q
AD\tadurham  Last Change: value_missing_Q
AD\diep211  Last Change: value_missing_Q
AD\cdfreema  Last Change: value_missing_Q
Expand Severity Title Port/Service
1
Windows Defender Installed
QID:
105310
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
06/30/2006
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Windows Defender is installed on the target host.
IMPACT:
n/a
SOLUTION:
n/a
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\SOFTWARE\Microsoft\Windows Defender\Signature Updates
EngineVersion = 1.1.9302.0
Expand Severity Title Port/Service
1
Microsoft Office Component Detected
QID:
110187
Category:
Office Application
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
07/24/2012
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
A Microsoft Office component is detected.

Microsoft Office is a proprietary commercial office suite of desktop applications, servers and services for the Microsoft Windows and Mac OS X operating systems.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Application            Installed Version   Location
Microsoft Word 2010    14.0.6129.5000      C:\Program Files (x86)\Microsoft Office\Office14\\winword.exe
Microsoft Access 2010  14.0.6024.1000      C:\Program Files (x86)\Microsoft Office\Office14\\msaccess.exe
Microsoft Excel 2010   14.0.6126.5003      C:\Program Files (x86)\Microsoft Office\Office14\\excel.exe
Expand Severity Title Port/Service
1
Microsoft Silverlight Version
QID:
115635
Category:
Local
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
10/02/2007
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Microsoft Silverlight is a cross-browser, cross-platform, plug-in for delivering media experiences and rich interactive applications for the Web. The Microsoft Silverlight version is shown.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\SOFTWARE\Microsoft\Silverlight
Version = 5.1.20125.0
Expand Severity Title Port/Service
1
SSL Server Information Retrieval port 27599/tcp over SSL
QID:
38116
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
07/28/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:

The following is a list of supported SSL ciphers. Note: If a cipher is included in this list, it means that it was possible to establish an SSL connection using that cipher. Some web server setups allow connections to be established using a LOW grade cipher, only to provide a web page stating that the URL is accessible only through a non-LOW grade cipher. In this case, even though the LOW grade cipher will be listed here, QID 38140 will not be reported.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
SSLv2_PROTOCOL_IS_DISABLED _ _ _ _ _
SSLv3_PROTOCOL_IS_ENABLED _ _ _ _ _
SSLv3 COMPRESSION_METHOD None _ _ _
TLSv1_PROTOCOL_IS_ENABLED _ _ _ _ _
TLSv1 COMPRESSION_METHOD None _ _ _
ECDHE-RSA-AES256-SHA ECDH RSA SHA1 AES(256) _HIGH_
AES256-SHA RSA RSA SHA1 AES(256) _HIGH_
DES-CBC3-SHA RSA RSA SHA1 3DES(168) _HIGH_
ECDHE-RSA-AES128-SHA ECDH RSA SHA1 AES(128) _MEDIUM_
AES128-SHA RSA RSA SHA1 AES(128) _MEDIUM_
RC4-SHA RSA RSA SHA1 RC4(128) _MEDIUM_
RC4-MD5 RSA RSA MD5 RC4(128) _MEDIUM_
Expand Severity Title Port/Service
1
SSL Session Caching Information port 27599/tcp over SSL
QID:
38291
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
09/16/2004
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
An SSL session is a collection of security parameters that are negotiated by the SSL client and server for each SSL connection. SSL session caching is intended to reduce the overhead of negotiations in recurring SSL connections. SSL sessions can be reused to resume an earlier connection or to establish multiple simultaneous connections. The client suggests an SSL session to be reused by identifying the session with a Session-ID during the SSL handshake. If the server finds it appropriate to reuse the session, then they both proceed to secure communication with already known security parameters.

This test determines if SSL session caching is enabled on the host.

IMPACT:
SSL session caching is part of the SSL and TLS protocols and is not a security threat. The result of this test is for informational purposes only.
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
TLSv1 session caching is disabled on the target.
Expand Severity Title Port/Service
1
SSL/TLS invalid protocol version tolerance port 27599/tcp over SSL
QID:
38597
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
02/13/2012
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
SSL/TLS protocols have different versions that can be supported by both the client and the server. This test sends invalid protocol versions to the target in order to determine the target's behavior. The results section contains a table that shows the target's response to each of the tests.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
my version  target version
0304        0301
0399        0301
0400        0301
0499        0301
Expand Severity Title Port/Service
1
SSL Certificate will expire within next six months port 27599/tcp over SSL
QID:
38600
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
12/26/2012
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Certificates are used for authentication purposes in different protocols such as SSL/TLS. Each certificate has a validity period outside of which it is supposed to be considered invalid. This QID is reported to inform that a certificate will expire within the next six months. The advance notice can be helpful since obtaining a certificate can take some time.
IMPACT:
Expired certificates can cause connection disruptions or compromise the integrity and privacy of the connections being protected by certificates.
SOLUTION:
Contact the certificate authority that signed your certificate to arrange for a renewal.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Certificate #0 CN=SOP-TS2.ad.unc.edu The certificate will expire within six months: Sep 17 16:38:10 2013 GMT
Expand Severity Title Port/Service
1
TLS Secure Renegotiation Extension Supported port 27599/tcp over SSL
QID:
42350
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
12/01/2011
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Secure Socket Layer (SSL) and Transport Layer Security (TLS) renegotiation are vulnerable to an attack in which the attacker forms a TLS connection with the target server, injects content of his choice, and then splices in a new TLS connection from a client. The server treats the client's initial TLS handshake as a renegotiation and thus believes that the initial data transmitted by the attacker is from the same entity as the subsequent client data. The TLS protocol was extended to cryptographically tie renegotiations to the TLS connections they are being performed over. This is referred to as the TLS secure renegotiation extension. This detection determines whether the TLS secure renegotiation extension is supported by the server or not.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
TLS Secure Renegotiation Extension Status: supported.
Expand Severity Title Port/Service
1
SSL Certificate - Information port 27599/tcp over SSL
QID:
86002
Category:
Web server
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/23/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
NAME VALUE
(0)CERTIFICATE 0
(0)Version 3 (0x2)
(0)Serial Number 4e:ca:bc:b9:90:6b:92:99:4a:65:5e:b4:6f:ba:ec:8e
(0)Signature Algorithm sha1WithRSAEncryption
(0)ISSUER NAME
commonName SOP-TS2.ad.unc.edu
(0)SUBJECT NAME
commonName SOP-TS2.ad.unc.edu
(0)Valid From Mar 18 16:38:10 2013 GMT
(0)Valid Till Sep 17 16:38:10 2013 GMT
(0)Public Key Algorithm rsaEncryption
(0)RSA Public Key (2048 bit)
(0) Public-Key: (2048 bit)
(0) Modulus:
(0) Exponent: 65537 (0x10001)
(0)X509v3 EXTENSIONS
(0)X509v3 Extended Key Usage TLS Web Server Authentication
(0)X509v3 Key Usage Key Encipherment, Data Encipherment
(0)Signature(256 octets)
Expand Severity Title Port/Service
3
Enabled DCOM
 
QID:
90042
Category:
Windows
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
08/29/2013
User Modified:
04/22/2013
Edited:
Yes
PCI Vuln:
Yes
CVSS Base:
0[1]
CVSS Temporal:
0
THREAT:
The Distributed Component Object Model (DCOM) is a protocol that enables software components to communicate directly over a network. The Distributed Component Object Model (DCOM) is enabled on this system.
IMPACT:
Buffer overflow vulnerabilities have been discovered previously in the DCOM implementation in most versions of Windows. Microsoft has issued several advisories and patches (MS03-026, MS03-039, MS08-067) to address several DCOM and RPC vulnerabilities.

Gimmiv.A malware has also been reported to exploit a vulnerability in RPC DCOM.

DCOM enabled attracts Internet worms and permits your system to be remotely compromised by malicious hackers.

SOLUTION:
Refer to Microsoft article Best Practices for Mitigating RPC and DCOM Vulnerabilities to obtain information on vulnerabilities in DCOM and ways to mitigate those vulnerabilities.

Information on disabling DCOM can be found at the Microsoft Technet article called How to Disable DCOM Support in Windows.

For disabling DCOM on Windows 7, Windows 8, Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012, refer to Microsoft's article Enable or Disable DCOM.

SOLUTION COMMENTS:
For Windows systems managed with SCCM: The UNC-Chapel Hill Information Security Office does not recommend disabling DCOM because it is required by management tools, such as System Center Configuration Manager.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\SOFTWARE\Microsoft\Ole EnableDCOM = Y
Expand Severity Title Port/Service
3
Administrator Account's Password Does Not Expire
 
QID:
90080
Category:
Windows
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
04/26/2013
User Modified:
-
Edited:
No
PCI Vuln:
Yes
CVSS Base:
7.5[1]
CVSS Temporal:
7.1
THREAT:
The scanner probed the Security & Accounts Database (SAM) and found that the target Windows box's Administrator account has a password that does not expire.
IMPACT:
Depending on the site's policy, this may be considered a security vulnerability since it allows attackers an infinite duration to try bruteforcing (guessing over multiple login attempts) the password for the account.
SOLUTION:
Reconfigure the Administrator account's properties to expire the password after a specified duration per the site's policy. Ideally, domain-wide policies should be set on the Domain Controller so that all Windows hosts on the domain comply automatically, and each individual host does not need to be configured.

Note that the Administrator account on the Domain Controller(s) will always have a password that does not expire, since the option check box in the properties dialog box for this account is greyed out.

Additional details can be found under QID 45031 "Accounts Enumerated From SAM Database Whose Passwords Do Not Expire."

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
No results available
Expand Severity Title Port/Service
3
Microsoft Windows Enterprise Hotfix Rollup (KB2775511)
 
QID:
90872
Category:
Windows
CVE ID:
-
Vendor Reference
KB2775511
Bugtraq ID:
-
Service Modified:
05/20/2013
User Modified:
-
Edited:
No
PCI Vuln:
No
CVSS Base:
2.4[1]
CVSS Temporal:
1.8
THREAT:
Microsoft released a hotfix rollup for Windows 7 Service Pack 1 (SP1)-based and Windows Server 2008 R2 SP1-based computers.

This hotfix rollup contains 90 hotfixes that were released after the release of SP1 for Windows 7 and Windows Server 2008 R2.

Microsoft recommends that users apply this hotfix rollup as part of their regular maintenance routine and build processes for Windows 7 and Windows Server 2008 R2 computers.

IMPACT:
The vulnerabilities can be exploited to affect confidentiality, integrity, and availability.
SOLUTION:
The vendor has released advisories and updates to fix these vulnerabilities. Refer to the following link for further details: KB2775511

Patch:
Following are links for downloading patches to fix the vulnerabilities:

KB2775511: Windows

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
%windir%\System32\Spoolsv.exe Version is 6.1.7601.17777
Expand Severity Title Port/Service
3
Insecure Microsoft Internet Explorer Internet Zone User Setting Detected
 
QID:
100011
Category:
Internet Explorer
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
11/20/2012
User Modified:
-
Edited:
No
PCI Vuln:
No
CVSS Base:
0[1]
CVSS Temporal:
0
THREAT:
Some users at the Windows machine have an insecure Internet zone setting. The Internet options are set on a per user basis, and it is very important to keep these settings secure. Malicious sites take advantage of weak Internet Explorer settings to install viruses, spyware, malware, and adware on the system.
IMPACT:
A malicious site can access local computer resources and execute active components.
SOLUTION:
Workaround:
It is important to have an Internet zone setting of at least medium low. Setting it to high and adding reliable and safe sites in the trusted zone provides better security.

To change the settings, go to Control Panel-> Internet Options-> Security tab.

To interpret the results section, please refer to KB182569 for IE6 and IE7.
Refer to Site to Zone Assignment Section 3 for Group Policy Settings in IE8.
Refer to Internet Explorer 9 Security Settings for IE9.

Also refer to BB457144 article from Microsoft.

The following minimal settings are recommended to be set in the registry for each user in the hive:
Download Signed ActiveX Controls - Prompt (minimum)
Download unsigned ActiveX controls - Disable
Initialize and script ActiveX controls not marked as safe - Disable
Allow scripting of Internet Explorer Webbrowser control - Disable
Access data sources across domains - Disable
Display mixed content - Prompt (minimum)
Installation of desktop items - Prompt (minimum)
Launching programs and files in an IFRAME - Prompt (minimum)
Allow script initiated windows without size or position constraints - Disable
Allow web pages to use restricted protocols for active content - Prompt (minimum)
Open files based on content, not file extension - Disable
Submit non-encrypted form data - Prompt (minimum)
Use Pop-up Blocker - Enable

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Security_HKLM_only is missing.
Key: Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Setting: Open files based on content, not file extension
User: S-1-5-21-211078830-3296991091-4275501491-1000 VAL: Enabled
User: S-1-5-21-211078830-3296991091-4275501491-1001 VAL: Enabled
User: Domain_Administrator VAL: Enabled
User: AD\thensley.adm VAL: Enabled
User: S-1-5-21-344340502-4252695000-2390403120-1277589 VAL: Enabled
User: AD\hmeriwet.adm VAL: Enabled
User: AD\semone.adm VAL: Enabled
User: AD\noel.adm VAL: Enabled
User: AD\haro.adm VAL: Enabled
User: AD\jamesfox.adm VAL: Enabled
User: AD\dewilde.adm VAL: Enabled
User: AD\brinegar.adm VAL: Enabled
User: AD\zfisher.adm VAL: Enabled
User: AD\tcandrew.adm VAL: Enabled
User: AD\dadesky.adm VAL: Enabled
Key: Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Setting: Submit non-encrypted form data
User: S-1-5-21-211078830-3296991091-4275501491-1000 VAL: Enabled
User: S-1-5-21-211078830-3296991091-4275501491-1001 VAL: Enabled
User: Domain_Administrator VAL: Enabled
User: AD\thensley.adm VAL: Enabled
User: S-1-5-21-344340502-4252695000-2390403120-1277589 VAL: Enabled
User: AD\hmeriwet.adm VAL: Enabled
User: AD\semone.adm VAL: Enabled
User: AD\noel.adm VAL: Enabled
User: AD\haro.adm VAL: Enabled
User: AD\jamesfox.adm VAL: Enabled
User: AD\dewilde.adm VAL: Enabled
User: AD\brinegar.adm VAL: Enabled
User: AD\zfisher.adm VAL: Enabled
User: AD\tcandrew.adm VAL: Enabled
User: AD\dadesky.adm VAL: Enabled
HKLM\Software\Microsoft\Internet Explorer Version exists.
Expand Severity Title Port/Service
3
Insecure Microsoft Internet Explorer Intranet Zone User Setting Detected
 
QID:
100012
Category:
Internet Explorer
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/31/2011
User Modified:
-
Edited:
No
PCI Vuln:
Yes
CVSS Base:
0[1]
CVSS Temporal:
0
THREAT:
Some users on the Windows machine have an insecure intranet zone setting. The Internet options are set on a per-user basis, and it is very important to keep these settings secure. Even in an intranet environment, it is essential to keep the Internet Explorer security settings at the recommended minimum level.
IMPACT:
A remote attacker may be able to execute local code by presenting a malicious Web page.
SOLUTION:
Workaround:
It is important to have an Internet zone setting of at least medium low. Setting it to high and adding reliable and safe sites in the trusted zone provides better security.

To change the settings, go to Control Panel -> Internet Options -> Security tab.

To interpret the results section, please refer to KB182569 for IE6 and IE7.
Refer to Site to Zone Assignment Section 3 for Group Policy Settings in IE8.
Refer to Internet Explorer 9 Security Settings for IE9.

Also refer to BB457144 article from Microsoft.

The following minimal settings are recommended to be set in the registry for each user in the hive:
Download Signed ActiveX Controls - Prompt (minimum)
Download unsigned ActiveX controls - Disable
Initialize and script ActiveX controls not marked as safe - Disable
Access data sources across domains - Prompt (minimum)
Display mixed content - Prompt (minimum)
Installation of desktop items - Prompt (minimum)
Launching programs and files in an IFRAME - Prompt (minimum)
Allow web pages to use restricted protocols for active content - Prompt (minimum)
Open files based on content, not file extension - Enable
Submit non-encrypted form data - Prompt (minimum)

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Security_HKLM_only is missing.
Key: Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Setting: Submit non-encrypted form data
User: S-1-5-21-211078830-3296991091-4275501491-1000 VAL: Enabled
User: S-1-5-21-211078830-3296991091-4275501491-1001 VAL: Enabled
User: Domain_Administrator VAL: Enabled
User: AD\thensley.adm VAL: Enabled
User: S-1-5-21-344340502-4252695000-2390403120-1277589 VAL: Enabled
User: AD\hmeriwet.adm VAL: Enabled
User: AD\semone.adm VAL: Enabled
User: AD\noel.adm VAL: Enabled
User: AD\haro.adm VAL: Enabled
User: AD\jamesfox.adm VAL: Enabled
User: AD\dewilde.adm VAL: Enabled
User: AD\brinegar.adm VAL: Enabled
User: AD\zfisher.adm VAL: Enabled
User: AD\tcandrew.adm VAL: Enabled
User: AD\dadesky.adm VAL: Enabled
HKLM\Software\Microsoft\Internet Explorer Version exists.
Expand Severity Title Port/Service
3
Microsoft Internet Explorer Mouse Tracking Events Design Error Vulnerability
 
QID:
100131
Category:
Internet Explorer
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
56921
Service Modified:
01/18/2013
User Modified:
-
Edited:
No
PCI Vuln:
Yes
CVSS Base:
4.3[1]
CVSS Temporal:
3.7
THREAT:
Microsoft Internet Explorer is a Web browser for Microsoft Windows.

Internet Explorer is exposed to an information disclosure vulnerability.

Affected Versions:
Internet Explorer 6 through 10.

IMPACT:
If this vulnerability is successfully exploited, attackers can monitor the position of the mouse even when the browser window is minimized or out of focus.
SOLUTION:
There are no vendor supplied patches available at this time.

Workaround:
Use a different browser than Internet Explorer until a patch becomes available.

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\SOFTWARE\Microsoft\Internet Explorer Version = 9.10.9200.16521
Microsoft Internet Explorer Mouse Tracking Events Design Error Vulnerability
Expand Severity Title Port/Service
3
Microsoft Windows "RunAs" Password Length Local Information Disclosure - Zero Day
 
QID:
116157
Category:
Local
CVE ID:
CVE-2009-0320
Vendor Reference
-
Bugtraq ID:
33440
Service Modified:
09/04/2009
User Modified:
-
Edited:
No
PCI Vuln:
Yes
CVSS Base:
4
CVSS Temporal:
3.4
THREAT:
RunAs is a service component for Windows, which can be used to execute a second application as a different user, generally for performing privileged operations.

RunAs is prone to a local password disclosure vulnerability that allows a malicious user to guess the password length when "runas.exe" is used to launch an application under another user's privileges. When the application prompts the current user for the password of the specified user, a local attacker can monitor the "I/O Other Bytes" performance of the application to determine the length of the submitted password.

IMPACT:
If this vulnerability is successfully exploited, it allows an attacker to easily discriminate between strong and weak passwords as well as gain information about user passwords. This sensitive information can aid in password brute-force attempts and dictionary attacks.
SOLUTION:
There are currently no vendor-supplied patches available. This detection will be updated when Microsoft releases a patch for the issue.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
%windir%\System32\runas.exe found
Expand Severity Title Port/Service
3
Hotfix KB2264107 (DLL hijacking) Not Installed / Not Configured
 
QID:
118423
Category:
Local
CVE ID:
-
Vendor Reference
KB2269637
Bugtraq ID:
-
Service Modified:
02/22/2011
User Modified:
-
Edited:
No
PCI Vuln:
Yes
CVSS Base:
9.3[1]
CVSS Temporal:
7.3
THREAT:
Microsoft Windows is prone to a design error vulnerability. The vulnerability lies in the manner in which Windows, while executing third-party applications, loads and executes DLL files. The vulnerability is related to the search order followed by the OS when loading an executable. This leads to a class of attacks popularly called "remote binary planting."

Affected Software:
Windows XP, 2003 Server, Windows Vista, Windows Server 2008 and Windows 7 are reported to be vulnerable.

IMPACT:
If this vulnerability is successfully exploited, an attacker can execute arbitrary code. The attacker can also cause a denial of service.
SOLUTION:
Refer to KB2264107 for further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

KB2264107: Windows XP Professional 32-Bit Edition

KB2264107: Windows XP Professional 64-Bit Edition

KB2264107: Windows 2003 32-Bit Edition

KB2264107: Windows Server 2003 64-Bit Edition

KB2264107: Windows Server 2003 with SP2 for Itanium-based Systems

KB2264107: Windows Vista 32-Bit

KB2264107: Windows Vista x64 Edition

KB2264107: Windows Server 2008 for 32-bit Systems

KB2264107: Windows Server 2008 for x64-based Systems

KB2264107: Windows Server 2008 for Itanium-based Systems

KB2264107: Windows 7 for 32-bit Systems

KB2264107: Windows 7 for x64-based Systems

KB2264107: Windows Server 2008 R2 for x64-based Systems

KB2264107: Windows Server 2008 R2 for Itanium-based Systems

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Hotfix KB2264107 is installed, but CWDIllegalInDllSearch registry entry has not been configured properly
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager CWDIllegalInDllSearch is missing.
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager CWDIllegalInDllSearch is missing.
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager CWDIllegalInDllSearch is missing.
Expand Severity Title Port/Service
3
Splunk Multiple Vulnerabilities (SP-CAAAFQ6)
 
QID:
118523
Category:
Local
CVE ID:
CVE-2010-3322 CVE-2010-3323
Vendor Reference
SP-CAAAFQ6
Bugtraq ID:
-
Service Modified:
04/20/2011
User Modified:
-
Edited:
No
PCI Vuln:
Yes
CVSS Base:
6
CVSS Temporal:
4.7
THREAT:
Splunk is a log, monitoring and reporting tool with search capabilities.

The following vulnerabilities have been reported in Splunk:

1) The XML parser in Splunk is vulnerable to XML eXternal Entity attacks.

2) The parameter SPLUNKD_SESSION_KEY is vulnerable to session hijacking. An authenticated user could be tricked into visiting a specially crafted Web page that could disclose a valid splunkd session key to an attacker.

The vulnerabilities are reported in Versions 4.0 through 4.1.4.

IMPACT:
An authenticated user could exploit this vulnerability, causing information disclosure and privilege escalation.
SOLUTION:
The vendor released Version 4.1.5 to address these issues. Refer to Splunk advisory SP-CAAAFQ6 to obtain further information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

SP-CAAAAFV: Splunk

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
%ProgramFiles%\Splunk\bin\splunk.exe found
VERSION=4.1.3
BUILD=80534
PRODUCT=splunk
PLATFORM=Windows
Expand Severity Title Port/Service
3
SSLv3.0/TLSv1.0 Protocol Weak CBC Mode Vulnerability port 4285/tcp over SSL
 
QID:
42366
Category:
General remote services
CVE ID:
CVE-2011-3389
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
02/07/2013
User Modified:
-
Edited:
No
PCI Vuln:
No
CVSS Base:
4.3
CVSS Temporal:
3.5
THREAT:
SSLv3.0 and TLSv1.0 protocols are used to provide integrity, authenticity and privacy to other protocols such as HTTP and LDAP. They provide these services by using encryption for privacy, x509 certificates for authenticity and one-way hash functions for integrity. To encrypt data, SSL and TLS can use block ciphers, which are encryption algorithms that can encrypt only a fixed block of original data to an encrypted block of the same size. Note that these ciphers will always obtain the same resulting block for the same original block of data. To achieve difference in the output, the output of encryption is XORed with yet another block of the same size referred to as the initialization vector (IV). A special mode of operation for block ciphers known as CBC (cipher block chaining) uses one IV for the initial block and the result of the previous block for each subsequent block to obtain difference in the output of block cipher encryption.

In the SSLv3.0 and TLSv1.0 implementation, the choice of CBC mode usage was poor because the entire traffic shares one CBC session with a single set of initial IVs. The rest of the IVs are, as mentioned above, the results of the encryption of the previous blocks. The subsequent IVs are available to eavesdroppers. This allows an attacker with the capability to inject arbitrary traffic into the plain-text stream (to be encrypted by the client) to verify their guess of the plain-text preceding the injected block. If the attacker's guess is correct, then the output of the encryption will be the same for two blocks.

For low entropy data, it is possible to guess the plain-text block with a relatively small number of attempts. For example, for data that has 1000 possibilities, the number of attempts can be 500.

For more information please see a paper by Gregory V. Bard.

IMPACT:
Attacks against web authentication cookies that use this vulnerability have recently been described. If the authentication cookie is guessed by the attacker, then the attacker can impersonate the legitimate user on the Web site which accepts the authentication cookie.
SOLUTION:
This attack was identified in 2004, and later revisions of the TLS protocol contain a fix for it. If possible, upgrade to TLSv1.1 or TLSv1.2. If upgrading to TLSv1.1 or TLSv1.2 is not possible, then disabling CBC mode ciphers will remove the vulnerability.

Setting your SSL server to prioritize RC4 ciphers mitigates this vulnerability. Microsoft has posted information including workarounds for IIS at KB2588513.

Using the following SSL configuration in Apache mitigates this vulnerability:

SSLHonorCipherOrder On
SSLCipherSuite RC4-SHA:HIGH:!ADH

Qualys SSL/TLS Deployment Best Practices can be found here.

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Available non CBC cipher    Server's choice         SSL version
RC4-SHA                     EDH-RSA-DES-CBC3-SHA    SSLv3
RC4-SHA                     EDH-RSA-DES-CBC3-SHA    TLSv1
Expand Severity Title Port/Service
2
Global User List
 
QID:
45002
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
04/08/2009
User Modified:
-
Edited:
No
PCI Vuln:
Yes
CVSS Base:
5[1]
CVSS Temporal:
4.7
THREAT:
This is the global system user list, which was retrieved during the scan by exploiting one or more vulnerabilities. The Qualys IDs for the vulnerabilities leading to the disclosure of these users are also given in the Result section. Each user will be displayed only once, even though it may be obtained by using different methods.
IMPACT:
These common account(s) can be used by a malicious user to break into the system via password brute-forcing.
SOLUTION:
To prevent your host from being attacked, do one or more of the following:
  • Remove (or rename) unnecessary accounts
  • Shut down unnecessary network services
  • Ensure the passwords to these accounts are kept secret
  • Use a firewall to restrict access to your hosts from unauthorized domains
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
User Name    Source Vulnerability (QualysID)
cas.admin    45032, 45027, 45031
cas.guest    90266, 45027, 45031
Expand Severity Title Port/Service
2
NetBIOS Name Accessible
 
QID:
70000
Category:
SMB / NETBIOS
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
04/28/2009
User Modified:
-
Edited:
No
PCI Vuln:
No
CVSS Base:
0[1]
CVSS Temporal:
0
THREAT:
Unauthorized users can obtain this host's NetBIOS server name from a remote system.
IMPACT:
Unauthorized users can obtain the list of NetBIOS servers on your network. This list outlines trust relationships between server and client computers. Unauthorized users can therefore use a vulnerable host to penetrate secure servers.
SOLUTION:
If the NetBIOS service is not required on this host, disable it. Otherwise, block any NetBIOS traffic at your network boundaries.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
CAS-ENTBKUP1
Expand Severity Title Port/Service
2
SSL Certificate - Signature Verification Failed Vulnerability port 27599/tcp over SSL
 
QID:
38173
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/22/2009
User Modified:
-
Edited:
No
PCI Vuln:
Yes
CVSS Base:
9.4[1]
CVSS Temporal:
6.9
THREAT:
An SSL Certificate associates an entity (person, organization, host, etc.) with a Public Key. In an SSL connection, the client authenticates the remote server using the server's Certificate and extracts the Public Key in the Certificate to establish the secure connection. The authentication is done by verifying that the public key in the certificate is signed by a trusted third-party Certificate Authority.

If a client is unable to verify the certificate, it can abort communication or prompt the user to continue the communication without authentication.

IMPACT:
By exploiting this vulnerability, man-in-the-middle attacks in tandem with DNS cache poisoning can occur.

Exception:
If the server communicates only with a restricted set of clients who have the server certificate or the trusted CA certificate, then the server or CA certificate may not be available publicly, and the scan will be unable to verify the signature.

SOLUTION:
Please install a server certificate signed by a trusted third-party Certificate Authority.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Certificate #0 CN=CAS-ENTBKUP1.ad.unc.edu unable to get local issuer certificate
Expand Severity Title Port/Service
2
SSL Certificate - Self-Signed Certificate port 4285/tcp over SSL
 
QID:
38169
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/24/2009
User Modified:
-
Edited:
No
PCI Vuln:
Yes
CVSS Base:
9.4[1]
CVSS Temporal:
6.9
THREAT:
An SSL Certificate associates an entity (person, organization, host, etc.) with a Public Key. In an SSL connection, the client authenticates the remote server using the server's Certificate and extracts the Public Key in the Certificate to establish the secure connection.

The client can trust that the Server Certificate belongs to the server only if it is signed by a mutually trusted third-party Certificate Authority (CA). Self-signed certificates are generally created for testing purposes or to avoid paying third-party CAs. These should not be used on any production or critical servers.

By exploiting this vulnerability, an attacker can impersonate the server by presenting a fake self-signed certificate. If the client knows that the server does not have a trusted certificate, it will accept this spoofed certificate and communicate with the remote server.

IMPACT:
By exploiting this vulnerability, an attacker can launch a man-in-the-middle attack.
SOLUTION:
Please install a server certificate signed by a trusted third-party Certificate Authority.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Certificate #0 CN=Unknown,OU=PRO_Server,O=CrashPlan,L=Minneapolis,ST=Minnesota,C=US is a self signed certificate.
Expand Severity Title Port/Service
2
SSL Certificate - Subject Common Name Does Not Match Server FQDN port 4285/tcp over SSL
 
QID:
38170
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
09/29/2008
User Modified:
-
Edited:
No
PCI Vuln:
No
CVSS Base:
2.6[1]
CVSS Temporal:
2.1
THREAT:
An SSL Certificate associates an entity (person, organization, host, etc.) with a Public Key. In an SSL connection, the client authenticates the remote server using the server's Certificate and extracts the Public Key in the Certificate to establish the secure connection.

A certificate whose Subject commonName or subjectAltName does not match the server FQDN offers only encryption without authentication.

Please note that a false positive reporting of this vulnerability is possible in the following case:

    If the common name of the certificate uses a wildcard such as *.somedomainname.com and the reverse DNS resolution of the target IP is not configured. In this case there is no way for QualysGuard to associate the wildcard common name to the IP. Adding a reverse DNS lookup entry to the target IP will solve this problem.

IMPACT:
A man-in-the-middle attacker can exploit this vulnerability in tandem with a DNS cache poisoning attack to lure the client to another server, and then steal all the encrypted communication.
SOLUTION:
Please install a server certificate whose Subject commonName or subjectAltName matches the server FQDN.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Certificate #0 CN=Unknown,OU=PRO_Server,O=CrashPlan,L=Minneapolis,ST=Minnesota,C=US (Unknown) doesn't resolve
Expand Severity Title Port/Service
2
SSL Certificate - Signature Verification Failed Vulnerability port 4285/tcp over SSL
 
QID:
38173
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/22/2009
User Modified:
-
Edited:
No
PCI Vuln:
Yes
CVSS Base:
9.4[1]
CVSS Temporal:
6.9
THREAT:
An SSL Certificate associates an entity (person, organization, host, etc.) with a Public Key. In an SSL connection, the client authenticates the remote server using the server's Certificate and extracts the Public Key in the Certificate to establish the secure connection. The authentication is done by verifying that the public key in the certificate is signed by a trusted third-party Certificate Authority.

If a client is unable to verify the certificate, it can abort communication or prompt the user to continue the communication without authentication.

IMPACT:
By exploiting this vulnerability, man-in-the-middle attacks in tandem with DNS cache poisoning can occur.

Exception:
If the server communicates only with a restricted set of clients who have the server certificate or the trusted CA certificate, then the server or CA certificate may not be available publicly, and the scan will be unable to verify the signature.

SOLUTION:
Please install a server certificate signed by a trusted third-party Certificate Authority.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Certificate #0 CN=Unknown,OU=PRO_Server,O=CrashPlan,L=Minneapolis,ST=Minnesota,C=US self signed certificate
Expand Severity Title Port/Service
2
X.509 Certificate MD5 Signature Collision Vulnerability port 4285/tcp over SSL
 
QID:
42012
Category:
General remote services
CVE ID:
CVE-2004-2761
Vendor Reference
-
Bugtraq ID:
33065
Service Modified:
09/17/2009
User Modified:
-
Edited:
No
PCI Vuln:
Yes
CVSS Base:
5
CVSS Temporal:
4.2
THREAT:
Hash algorithms are used to generate a hash value for a message (an arbitrary block of data) such that a number of cryptographic properties hold. In particular, a hash algorithm is expected to be resistant to collisions; that is, given a message m, it is difficult to compute a second message m' such that both have the same hash value.

Hash algorithms are used in many cryptographic applications. In particular, they are used in order to sign X.509 certificates used to verify identity in a variety of applications, including SSL communications.

The MD5 hash algorithm has over time seen gradually improving attacks against the collision property. In particular, it has been possible in recent years to create colliding messages with arbitrary, attacker specified prefixes and suffixes. Recent improvements have extended these techniques such that it is possible to create colliding messages that are also different yet valid SSL certificates.

IMPACT:
An attacker may create a pair of X.509 certificates with differing information which share the same signature. If one of the certificates is signed, the signature may be used for the second certificate as well. It is possible to exploit this issue to gain a signed certificate for an identity the attacker does not control, or to gain a signed certificate as an intermediary signing authority. In the second case, the attacker will be able to sign additional, arbitrary certificates which will be trusted by any party trusting the original, legitimate authority.

An attacker is most likely to exploit this issue to conduct phishing attacks or to impersonate legitimate Web sites by taking advantage of malicious certificates. Other attacks are likely to be possible.

SOLUTION:
Workaround:
If the certificate is signed using MD5 hash function then a new certificate should be obtained which uses a more collision proof hashing algorithm such as SHA. If the CA of the certificate is signed using MD5 then a different CA should be used which doesn't have this vulnerability.

Cisco ASA appliance Workaround -
Instructions on changing the signing hash for Cisco ASA's self signed certificates are available at the Cisco Security Response Web page MD5 Hashes May Allow for Certificate Spoofing.

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
Reference:
CVE-2004-2761
Description:
MD5 Message Digest Algorithm Hash Collision Weakness - The Exploit-DB Ref : 24807
Link:
http://www.exploit-db.com/exploits/24807
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
NAME           VALUE
Certificate    CN=Unknown at level 0 was signed using md5WithRSAEncryption algorithm which is considered weak.
Expand Severity Title Port/Service
1
Detected Compatibility 8.3 Filename Feature
 
QID:
90023
Category:
Windows
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/12/2009
User Modified:
-
Edited:
No
PCI Vuln:
No
CVSS Base:
0[1]
CVSS Temporal:
0
THREAT:
NTFS supports backward compatibility with older 16-bit software by restricting the allowed filenames to 8.3 format. This feature seems to be activated on this host.
IMPACT:
16-bit applications are extremely vulnerable and should not be used on a secure server. If you have not installed any 16-bit applications on a Windows NT-based computer, you can turn off automatic short (8-character name, 3-character extension) file name generation to speed up file and folder access on your computer running Windows NT.
SOLUTION:
We recommend that you remove this compatibility restriction. To do so, locate the following registry key, and then set the REG_DWORD 'NtfsDisable8dot3NameCreation' entry to '1':

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\FileSystem

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\System\CurrentControlSet\Control\FileSystem NtfsDisable8dot3NameCreation = 0
Expand Severity Title Port/Service
2
Windows User Accounts With Unchanged Passwords
 
QID:
105236
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/11/2009
User Modified:
-
Edited:
No
PCI Vuln:
No
CVSS Base:
0[1]
CVSS Temporal:
0
THREAT:
The target Microsoft Windows system has some user accounts with passwords which have never changed. This may include any disabled accounts that you may have.
IMPACT:
N/A
SOLUTION:
Please check if this adheres to your security policy and remove unwanted accounts.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
cas.guest
Expand Severity Title Port/Service
2
Deprecated Public Key Length port 4285/tcp over SSL
 
QID:
38598
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
08/09/2012
User Modified:
-
Edited:
No
PCI Vuln:
No
CVSS Base:
5[1]
CVSS Temporal:
3.6
THREAT:
NIST has a special publication, SP800-131A, in which it has several recommendations regarding cryptographic algorithm and key length use. The recommendation for key length is:
  • key lengths less than 1024 bits are disallowed, which means they are considered weak and should not be used.
  • key lengths between 1024 bits and 2047 bits are deprecated.
  • key lengths of 2048 bits and more are approved and safe to use.
The deprecated status of 1024-2047 bit keys will change to disallowed at the end of 2013.
IMPACT:
Since most certificates are issued for one to two years, make sure your certificate will not be used after 2013.
SOLUTION:
Please obtain a 2048 bit or more public key length certificate from your Certificate Authority.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Certificate #0
RSA Public Key (1024 bit)
Public-Key: (1024 bit)
Modulus:
Exponent: 65537 (0x10001)
Expand Severity Title Port/Service
1
Windows Registry Setting To Globally Prevent Socket Hijacking Missing
 
QID:
90213
Category:
Windows
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
06/16/2009
User Modified:
-
Edited:
No
PCI Vuln:
No
CVSS Base:
2.1[1]
CVSS Temporal:
1.5
THREAT:
Microsoft Windows since Windows NT is vulnerable to socket hijacking. This is because the operating system does not implement the concept of privileged listener ports. So any unprivileged user process can listen on sub-1024 port numbers. If a privileged server process is listening on such a port already, there's a possibility for the unprivileged process to hijack the socket by collecting all data meant for the privileged process.

This issue arises when the first server socket binds to a port (privileged or otherwise) but specifies "INADDR_ANY" or "0.0.0.0" as the IP address to bind on. This allows the server to receive packets arriving on that port on any interface configured with a public IP address. This configuration is typical on a multihomed/multi-NIC machine set up as a server (or when the IP address might change in the future). However, if another rogue socket binds to the same port (using "SO_REUSEADDR") on a more specific IP address (instead of INADDR_ANY) of one of the interfaces, the network stack hands packets arriving on that port to the more specifically bound socket.

As a solution, Microsoft provided the SO_EXCLUSIVEADDRUSE Option, a socket option to be used by sockets before binding, to prevent this issue. However, using the SO_EXCLUSIVEADDRUSE option may not be possible for administrators with server applications coded prior to this solution, or which are closed source binaries that can't be fixed to implement this. This socket option has been provided for all Windows versions starting from Windows NT 4.0 Service Pack 4 and onwards.

IMPACT:
If this registry setting is missing, in the absence of a SO_EXCLUSIVEADDRUSE check on a listening privileged socket, local unprivileged users can easily hijack the socket and intercept all data meant for the privileged process.
SOLUTION:
As a workaround, Microsoft provides a registry setting that will globally (system-wide) prevent all sockets from reusing any port that is already in use. This is done by setting to 1 the "DisableAddressSharing" value of the "HKLM\System\CurrentControlSet\Services\Afd\Parameters" key. (Reboot required for the setting to take effect).

The administrator should first confirm that disallowing socket reuse globally does not break the functionality/correctness of existing legitimate servers on the system. If it's safe, the setting described above should be used to apply this security measure.

Please refer to Microsoft article on SO_EXCLUSIVEADDRUSE before implementing this feature.

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\SYSTEM\CurrentControlSet\Services\Afd\Parameters DisableAddressSharing is missing.
Expand Severity Title Port/Service
3
Accounts Enumerated From SAM Database Whose Passwords Do Not Expire
QID:
45031
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
08/30/2004
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The Security Accounts Manager holds user and machine account information. The scanner found at least one user or machine account in the SAM database for the target Windows machine whose password does not expire. The accounts are listed in the Result section.
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
User/Machine Accounts With Passwords That Do Not Expire:
cas.admin cas.guest
Expand Severity Title Port/Service
3
NetBIOS Bindings Information
QID:
70004
Category:
SMB / NETBIOS
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/09/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The following bindings were detected on this computer. Bindings have many purposes. They reflect such things as users logged-in, registration of a user name, registration of a service in a domain, and registering of a NetBIOS name.
IMPACT:
Unauthorized users can use this information in further attacks against the host. A list of logged-in users on the target host/network can potentially be used to launch social engineering attacks.
SOLUTION:
This service uses UDP and TCP port 137. Typically, this port should not be accessible to external networks and should be firewalled.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Name | Service | NetBIOS Suffix
AD | Domain Name | 0x0
CAS-ENTBKUP1 | Workstation Service | 0x0
CAS-ENTBKUP1 | File Server Service | 0x20
Expand Severity Title Port/Service
3
NetBIOS Shared Folders
QID:
70030
Category:
SMB / NETBIOS
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
10/29/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The following NetBIOS shared folders have been detected.
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Device NameCommentTypeLabelSizeDescription
ADMIN$Remote Admin-2147483648OS134 GBDisk (mounted)
BackupServer 0
C$Default share-2147483648
Citrix PVS Vdisks 0
D$Default share-2147483648
E$Default share-2147483648
F$Default share-2147483648
IPC$Remote IPC-2147483645
svag 0
Expand Severity Title Port/Service
3
Microsoft Windows Socket Parameters, TCP/IP Hardening Guidelines
QID:
90127
Category:
Windows
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
06/29/2004
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Windows Socket (Winsock) parameters at the target are enumerated and compared against the protection levels recommended in TCP/IP hardening guidelines from Microsoft.
IMPACT:
Depending on the services hosted by the target, it may be subject to denial of service attacks.
SOLUTION:
You can secure the TCP/IP stack for Windows Sockets (Winsock) applications such as FTP servers and Web servers. The driver Afd.sys is responsible for connection attempts to Winsock applications. Afd.sys has been modified in Windows 2000, Windows 2003, and Windows XP to support large numbers of connections in the half-open state without denying access to legitimate clients. Afd.sys can use dynamic backlog, which is configurable, rather than a static backlog.

You can configure four parameters for the dynamic backlog:

EnableDynamicBacklog: Switches between using a static backlog and a dynamic backlog. By default, this parameter is set to 0, which enables the static backlog. You should enable the dynamic backlog for better security on Winsock.

MinimumDynamicBacklog: Controls the minimum number of free connections allowed on a listening Winsock endpoint. If the number of free connections drops below this value, a thread is queued to create additional free connections. Making this value too large (setting it to a number greater than 100) will degrade the performance of the computer.

MaximumDynamicBacklog: Controls the maximum number of half-open and free connections to Winsock endpoints. If this value is reached, no additional free connections will be made.

DynamicBacklogGrowthDelta: Controls the number of Winsock endpoints in each allocation pool requested by the computer. Setting this value too high can cause system resources to be unnecessarily occupied.

Each of these values must be added to this registry key:
HKLM\System\CurrentControlSet\Services\AFD\Parameters

The recommended levels of protection for these parameters are indicated below.
DynamicBacklogGrowthDelta: 10
EnableDynamicBacklog: 1
MinimumDynamicBacklog: 20
MaximumDynamicBacklog: 20,000

Refer to the Microsoft Security Topics document called Hardening Systems and Servers: Checklists and Guides for a detailed description of these parameters and other impacts these might have before deploying these settings.

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
EnableDynamicBacklog | Recommended: 1 | Actual: Missing
MinimumDynamicBacklog | Recommended: 20 | Actual: Missing
MaximumDynamicBacklog | Recommended: 20,000 | Actual: Missing
DynamicBacklogGrowthDelta | Recommended: 10 | Actual: Missing
Expand Severity Title Port/Service
3
Microsoft Windows TCP Parameters, TCP/IP Hardening Guidelines
QID:
90128
Category:
Windows
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
11/16/2004
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The target Windows system TCP/IP parameters are enumerated and compared against TCP/IP hardening guidelines from Microsoft.

To help prevent denial of service attacks, you can harden the TCP/IP protocol stack on Windows 2000/2003 and Windows XP computers. You should harden the TCP/IP stack against denial of service attacks, even on internal networks, to prevent denial of service attacks that originate from inside the network as well as on computers attached to public networks.

You can harden the TCP/IP stack on a Windows 2000/2003 or Windows XP computer by customizing these registry values, which are stored in the registry key:
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\

IMPACT:
Depending on the role played by the target, it may be subject to denial of service and other TCP level attacks.
SOLUTION:
EnablePMTUDiscovery: Determines whether path MTU discovery is enabled (1), in which case TCP attempts to discover the largest packet size over the path to a remote host. When path MTU discovery is disabled (0), the path MTU for all TCP connections will be fixed at 576 bytes.

DisableIPSourceRouting: Determines whether a computer allows clients to predetermine the route that packets take to their destination. When this value is set to 2, the computer will disable source routing for IP packets.

NoNameReleaseOnDemand: Determines whether the computer will release its NetBIOS name if requested by another computer or a malicious packet attempting to hijack the computer's NetBIOS name. This is configured under HKLM\System\CurrentControlSet\Services\Netbt\Parameters

PerformRouterDiscovery: Determines whether the computer performs router discovery on this interface. Router discovery solicits router information from the network and adds the information retrieved to the route table. Setting this value to 0 will prevent the interface from performing router discovery.

EnableDeadGWDetect: Determines whether the computer will attempt to detect dead gateways. When dead gateway detection is enabled (by setting this value to 1), TCP might ask IP to change to a backup gateway if a number of connections are experiencing difficulty. Backup gateways are defined in the TCP/IP configuration dialog box in the Network Control Panel for each adapter. When you leave this setting enabled, it's possible for an attacker to redirect the server to a gateway of his choosing.

EnableICMPRedirect: When ICMP redirects are disabled (by setting the value to 0), attackers cannot carry out attacks that require a host to redirect the ICMP-based attack to a third party.

SynAttackProtect: Enables SYN flood protection in Windows 2000 and Windows XP. You can set this value to 0, 1, or 2. The default setting 0 provides no protection. Setting the value to 1 will activate SYN/ACK protection contained in the TCPMaxPortsExhausted, TCPMaxHalfOpen, and TCPMaxHalfOpenRetried values. Setting the value to 2 will protect against SYN/ACK attacks by more aggressively timing out open and half-open connections. For Windows 2003, the recommended value is 1.

TCPMaxConnectResponseRetransmissions: Determines how many times TCP retransmits an unanswered SYN/ACK message. TCP retransmits acknowledgments until the number of retransmissions specified by this value is reached.

TCPMaxHalfOpen: Determines how many connections the server can maintain in the half-open state before TCP/IP initiates SYN flooding attack protection. This entry is used only when SYN flooding attack protection is enabled on this server, that is when the value of the SynAttackProtect entry is 1 or 2 and the value of the TCPMaxConnectResponseRetransmissions entry is at least 2.

TCPMaxHalfOpenRetried: Determines how many connections the server can maintain in the half-open state even after a connection request has been retransmitted. If the number of connections exceeds the value of this entry, TCP/IP initiates SYN flooding attack protection. This entry is used only when SYN flooding attack protection is enabled on this server, that is when the value of the SynAttackProtect entry is 1 and the value of the TCPMaxConnectResponseRetransmissions entry is at least 2.

Refer to the Microsoft Security Topics document called Hardening Systems and Servers: Checklists and Guides for a detailed description of these parameters and other impacts these might have before deploying these settings.

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
EnableICMPRedirect | Recommended: 0 | Actual: 0
SynAttackProtect | Recommended: 2 | Actual: 1
TCPMaxConnectResponseRetransmissions | Recommended: 2 | Actual: 2
TCPMaxHalfOpen | Recommended: 500 | Actual: Missing
TCPMaxHalfOpenRetried | Recommended: 400 | Actual: Missing
TCPMaxPortsExhausted | Recommended: 5 | Actual: Missing
TCPMaxDataRetransmissions | Recommended: 3 | Actual: 3
EnableDeadGWDetect | Recommended: 0 | Actual: 0
EnablePMTUDiscovery | Recommended: 0 | Actual: Missing
DisableIPSourceRouting | Recommended: 2 | Actual: 2
NoNameReleaseOnDemand | Recommended: 1 | Actual: 1
PerformRouterDiscovery | Recommended: 0 | Actual: 0
Expand Severity Title Port/Service
3
Hotfix KB2264107 (DLL hijacking) Installed
QID:
90634
Category:
Windows
CVE ID:
-
Vendor Reference
KB2264107
Bugtraq ID:
-
Service Modified:
08/31/2010
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
A new CWDIllegalInDllSearch registry entry is available to control the DLL search path algorithm. The DLL search path algorithm is used by the LoadLibrary API and the LoadLibraryEx API when DLLs are loaded without specifying a fully qualified path.

Refer to Microsoft KB article 2264107 to obtain additional details.

IMPACT:
Successfully exploiting these vulnerabilities might allow a remote user to cause denial of service or bypass some security restrictions to access some files.
SOLUTION:
Refer to KB2264107 for further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

KB2264107: Windows XP 32 bit Edition

KB2264107: Windows XP 64 bit Edition

KB2264107: Windows Server 2003 - 32 bit

KB2264107: Windows Server 2003 - 64 bit

KB2264107: Windows Vista - 32 bit

KB2264107: Windows Vista - 64 bit

KB2264107: Windows 2008-32 bit

KB2264107: Windows 2008-64 Bit

KB2264107: Windows Server 2008 R2 for Itanium-based Systems

KB2264107: Windows Server 2008 R2 for x64-based Systems

KB2264107: Windows 7 for 32-bit Systems

KB2264107: Windows 7 for 64-bit Systems

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Hotfix KB2264107 is installed
Expand Severity Title Port/Service
3
SAMR Pipe Permissions Enumerated
QID:
105237
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
09/23/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The account permissions for the SAMR pipe are enumerated from the target Microsoft Windows system.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
\SAMR Everyone 0 access_allowed read_extended_attributes standard_read write_extended_attributes write_data write_attributes read_data read_attributes
\SAMR AnonymousLogon 7 access_allowed read_extended_attributes standard_read write_extended_attributes write_data write_attributes read_data read_attributes
\SAMR Administrators 544 access_allowed standard_write_owner standard_write_dac standard_read write_attributes read_attributes delete_child read_extended_attributes execute write_extended_attributes write_data append_data read_data standard_delete
Expand Severity Title Port/Service
3
Antivirus Product Detected on Windows Host
QID:
105327
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
10/16/2009
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
One or more of the following Windows Antivirus products were detected on the host:

AVG Antivirus
CA eTrust Antivirus
F-Secure Antivirus
Kaspersky Antivirus
McAfee Antivirus
Network Associates Antivirus
Sophos Antivirus Scanner
Symantec Norton Antivirus Corporate Edition
Symantec Norton Antivirus Personal Edition
Symantec Endpoint Protection
TrendMicro Antivirus
ESET Antivirus Scanner
Microsoft Windows Defender
Clam Antivirus

IMPACT:
n/a
SOLUTION:
n/a
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\SOFTWARE\Microsoft\Windows Defender exists
Windows Defender Installed
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\\Rtvscan.exe found
Symantec x64 Scanner Installed
Expand Severity Title Port/Service
2
Operating System Detected
QID:
45017
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
02/09/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Several different techniques can be used to identify the operating system (OS) running on a host. A short description of these techniques is provided below. The specific technique used to identify the OS on this host is included in the RESULTS section of your report.

1) TCP/IP Fingerprint: The operating system of a host can be identified from a remote system using TCP/IP fingerprinting. All underlying operating system TCP/IP stacks have subtle differences that can be seen in their responses to specially-crafted TCP packets. According to the results of this "fingerprinting" technique, the OS version is among those listed below.

Note that if one or more of these subtle differences are modified by a firewall or a packet filtering device between the scanner and the host, the fingerprinting technique may fail. Consequently, the version of the OS may not be detected correctly. If the host is behind a proxy-type firewall, the version of the operating system detected may be that for the firewall instead of for the host being scanned.

2) NetBIOS: Short for Network Basic Input Output System, an application programming interface (API) that augments the DOS BIOS by adding special functions for local-area networks (LANs). Almost all LANs for PCs are based on the NetBIOS. Some LAN manufacturers have even extended it, adding additional network capabilities. NetBIOS relies on a message format called Server Message Block (SMB).

3) PHP Info: PHP is a hypertext pre-processor, an open-source, server-side, HTML-embedded scripting language used to create dynamic Web pages. Under some configurations it is possible to call PHP functions like phpinfo() and obtain operating system information.

4) SNMP: The Simple Network Management Protocol is used to monitor hosts, routers, and the networks to which they attach. The SNMP service maintains a Management Information Base (MIB), a set of variables (database) that can be fetched by Managers. These include "MIB_II.system.sysDescr" for the operating system.

IMPACT:
Not applicable.
SOLUTION:
Not applicable.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Operating System | Technique | ID
Windows Server 2008 R2 Enterprise 64 bit Edition Service Pack 1 | Windows Registry |
Windows 2008/7 | NTLMSSP |
Windows Vista / Windows 2008 / Windows 7 / Windows 2012 | TCP/IP Fingerprint | U3414:135
Windows Server 2008 R2 Enterprise 7601 Service Pack 1/Windows Server 2008 R2 Enterprise 6.1 | CIFS via TCP Port 445 |
cpe:/o:microsoft:windows server 2008:r2:sp1:enterprise x64: | CPE |
Expand Severity Title Port/Service
2
Windows Effective Password Policy Information Gathering Via SAM Database
QID:
45026
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
07/29/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
This check probes the SAM database on the target host for password policy information. Information gathered is:

Minimum Password Age in Days
Maximum Password Age in Days
Minimum Password Length in Characters
Password History (Number of old passwords remembered)

The policy is the effective policy, which is a combination of the local policy settings (if any) and the domain-wide policy settings made on the Domain Controller(s) for the domain.

This probe requires authentication to be successful.

IMPACT:
This password policy information may be used for auditing a Windows-based network for password policy compliance of its nodes. An attacker with a working account can use it to query the network and obtain information.
SOLUTION:
N/A
COMPLIANCE:
Type: CobIT
Section: DS5.4
Description: DS5.4 User Account Management Ensure that requesting, establishing, issuing, suspending, modifying and closing user accounts and related user privileges are addressed by user account management. An approval procedure outlining the data or system owner granting the access privileges should be included. These procedures should apply for all users, including administrators (privileged users), internal and external users, for normal and emergency cases. Rights and obligations relative to access to enterprise systems and information are contractually arranged for all types of users. Perform regular management review of all accounts and related privileges.

Type: GLBA
Section: N/A
Description: Ensure the confidentiality and protection of passwords through secure password creation and distribution mechanisms.

Type: HIPAA
Section: 164.308(a)(5)(ii)(D)
Description: Password management Procedures for creating, changing, and safeguarding passwords.

Type: SOX
Section: N/A
Description: User Access Management Granting resource access, user ID and password requirements, individual accountability, limited utilization of native administrative IDs, non-employee user ID expiration, reporting employee and contractor status changes. Operating System Access Control Password enforcement, logon information, password display and printing, required password changes, vendor default passwords, security changes after system compromise, systems software utility usage, automatic log off. Password Management Procedures exist that ensure the confidentiality and protection of passwords through secure password creation and distribution mechanisms, the enforcement and adherence to acceptable password standards, and the regular changing of passwords.

EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Effective Password Policy:

Minimum Password Length - 8 Characters.
Password History Length - 24 Passwords.
Minimum Password Age - 2 Days.
Maximum Password Age - 90 Days.
Password Complexity - Set.
Store Password Using Reversible Encryption - Not Set.
Expand Severity Title Port/Service
2
Windows Domain Effective Account Lockout Policy Information Gathered Via SAM Database
QID:
45028
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
12/30/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The Security and Accounts Manager (SAM) Database of any Windows host participating in a Windows Domain has information about the account lockout policy set on that system. Such information was gathered from the target and is shown in the Results section below.

It should be noted that if the Domain Controller/Active Directory on this domain enforces a policy as well, the Domain Controller policy will override the local policies (if any) of each host. Further, it takes up to a couple of minutes for changes to the Domain Controller policy to be propagated to all the individual hosts on that domain.

SOLUTION:
 
COMPLIANCE:
Type: CobIT
Section: DS5.4
Description: User Account Management Ensure that requesting, establishing, issuing, suspending, modifying and closing user accounts and related user privileges are addressed by user account management. An approval procedure outlining the data or system owner granting the access privileges should be included. These procedures should apply for all users, including administrators (privileged users), internal and external users, for normal and emergency cases. Rights and obligations relative to access to enterprise systems and information are contractually arranged for all types of users. Perform regular management review of all accounts and related privileges.

Type: GLBA
Section: N/A
Description: Ensure that accounts are locked after unsuccessful login attempts.

Type: HIPAA
Section: 164.312(a)(1)
Description: Standard: Access Control Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights as specified in 164.308(a)(4).

Type: SOX
Section: N/A
Description: Ensure that accounts are locked after unsuccessful login attempts and that failed login attempts are logged.

EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Effective Account Lockout Policy:

Maximum Failed Logon Attempts Before Lockout - 10 Attempts.
Lockout Logon-Attempts-Counter Duration - 15 Minutes.
Lockout Duration - 15 Minutes.
Expand Severity Title Port/Service
2
Microsoft .Net Framework Installed on Target Host
QID:
45178
Category:
Information gathering
CVE ID:
-
Vendor Reference
Microsoft .NET Framework
Bugtraq ID:
-
Service Modified:
03/07/2013
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Microsoft .NET Framework is a software framework for computers running Microsoft Windows operating systems.

Microsoft .NET Framework is installed on target host.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
.Net Framework | Version | Service Pack | Key
.Net Framework 2.0 x64 | 2.0.50727.5420 | 2 | HKLM\SOFTWARE\Microsoft\NET Framework Setup\NDP\v2.0.50727
.Net Framework 4.x Client Installation x64 | 4.0.30319 | - | HKLM\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Client
.Net Framework 4.x Full Installation x64 | 4.0.30319 | - | HKLM\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full
.Net Framework 2.0 x86 | 2.0.50727.5420 | 2 | HKLM\SOFTWARE\Wow6432Node\Microsoft\NET Framework Setup\NDP\v2.0.50727
.Net Framework 4.x Client Installation x86 | 4.0.30319 | - | HKLM\SOFTWARE\Wow6432Node\Microsoft\NET Framework Setup\NDP\v4\Client
.Net Framework 4.x Full Installation x86 | 4.0.30319 | - | HKLM\SOFTWARE\Wow6432Node\Microsoft\NET Framework Setup\NDP\v4\Full
Expand Severity Title Port/Service
2
Open DCE-RPC / MS-RPC Services List
QID:
70022
Category:
SMB / NETBIOS
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
06/06/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The following DCE-RPC / MS-RPC services are active on the remote host.
IMPACT:
N/A
SOLUTION:
Shut down any unknown or unused service on the list. In Windows, this is done in the "Services" Control Panel. In other environments, this usually requires editing a configuration file or start-up script. If you have provided Windows Authentication credentials, the Microsoft Registry service supporting the named pipe "\PIPE\winreg" must be present to allow CIFS to access the Registry.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Description | Version | TCP Ports | UDP Ports | HTTP Ports | NetBIOS/CIFS Pipes
DCE Endpoint Mapper | 3.0 | | | | \PIPE\epmapper
DCE Remote Management | 1.0 | | | | \PIPE\epmapper
DCOM OXID Resolver | 0.0 | | | | \PIPE\epmapper
DCOM Remote Activation | 0.0 | | | | \PIPE\epmapper
DCOM System Activator | 0.0 | | | | \PIPE\epmapper
Microsoft Event Log Service | 0.0 | | | | \PIPE\eventlog
Microsoft Local Security Architecture | 0.0 | | | | \PIPE\lsarpc
Microsoft Network Logon | 1.0 | | | | \PIPE\NETLOGON
Microsoft Registry | 1.0 | | | | \PIPE\winreg
Microsoft Scheduler Control Service | 1.0 | | | | \PIPE\atsvc
Microsoft Security Account Manager | 1.0 | 49174 | | | \PIPE\samr, \pipe\lsass
Microsoft Server Service | 3.0 | | | | \PIPE\srvsvc
Microsoft Service Control Service | 2.0 | 50273 | | | \PIPE\svcctl
Microsoft Task Scheduler | 1.0 | | | | \PIPE\atsvc
Microsoft Workstation Service | 1.0 | | | | \PIPE\wkssvc
WinHttp Auto-Proxy Service | 5.1 | | | | \PIPE\W32TIME_ALT
RPC ROUTER SERVICE | 1.0 | | | | \PIPE\ROUTER
(Unknown Service) | 1.0 | 49152 | | | \PIPE\InitShutdown
(Unknown Service) | 1.0 | | | | \PIPE\InitShutdown
DHCP Client LRPC Endpoint | 1.0 | 49153 | | | \pipe\eventlog
DHCPv6 Client LRPC Endpoint | 1.0 | 49153 | | | \pipe\eventlog
NRP server endpoint | 1.0 | 49153 | | | \pipe\eventlog
Event log TCPIP | 1.0 | 49153 | | | \pipe\eventlog
(Unknown Service) | 1.0 | 49154 | | | \PIPE\srvsvc, \PIPE\ROUTER, \PIPE\atsvc
Impl friendly name | 1.0 | 49154 | | | \PIPE\srvsvc, \PIPE\ROUTER, \PIPE\atsvc
XactSrv service | 1.0 | 49154 | | | \PIPE\ROUTER, \PIPE\atsvc
IP Transition Configuration endpoint | 1.0 | 49154 | | | \PIPE\atsvc
IKE/Authip API | 1.0 | 49154 | | | \PIPE\atsvc
(Unknown Service) | 1.0 | 49154 | | | \PIPE\atsvc
Unimodem LRPC Endpoint | 1.0 | | | | \pipe\tapsrv
Expand Severity Title Port/Service
2
Host Uptime Based on TCP TimeStamp Option
QID:
82063
Category:
TCP/IP
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/29/2007
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The TCP/IP stack on the host supports the TCP TimeStamp (kind 8) option. Typically the timestamp used is the host's uptime (since last reboot) in various units (e.g., one hundredth of a second, one tenth of a second, etc.). Based on this, we can obtain the host's uptime. The result is given in the Result section below.

Some operating systems (e.g., MacOS, OpenBSD) use a non-zero, probably random, initial value for the timestamp. For these operating systems, the uptime obtained does not reflect the actual uptime of the host; the former is always larger than the latter.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Based on TCP timestamps obtained via port 135, the host's uptime is 2 days, 19 hours, and 17 minutes.
The TCP timestamps from the host are in units of 10 milliseconds.
Expand Severity Title Port/Service
2
Installed Applications Enumerated From Windows Installer
QID:
90235
Category:
Windows
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
07/14/2010
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The installed applications at the Windows host are listed. This test obtains this list by querying the registry keys corresponding to the Installer Database.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Key | Display Name | Display Version
Microsoft .NET Framework 4 Client Profile | Microsoft .NET Framework 4 Client Profile | 4.0.30319
Microsoft .NET Framework 4 Extended | Microsoft .NET Framework 4 Extended | 4.0.30319
{18E893B6-28F0-495B-8448-AC40F4496728} | Broadcom Management Programs | 12.62.07
{23170F69-40C1-2702-0920-000001000000} | 7-Zip 9.20 (x64 edition) | 9.20.00.0
{73CA0462-DD49-495D-A6E5-AC4CF6F5FAC1} | Symantec Endpoint Protection | 11.0.6100.645
{82a8e181-8f32-4635-b26d-1f0eb64b97a8} | Splunk | 107.2.16834
{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} | Microsoft Silverlight | 5.1.20125.0
{8E34682C-8118-31F1-BC4C-98CD9675E1C2} | Microsoft .NET Framework 4 Extended | 4.0.30319
{EAF846FB-AEA4-49AC-94DA-7333EA4B846C} | Broadcom NetXtreme II Driver Installer | 12.54.06
{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} | Microsoft .NET Framework 4 Client Profile | 4.0.30319
Key | Display Name | Display Version
InstallShield_{921738A4-E6C2-45C8-80AF-4B7A228E3AD4} | MegaRAID Storage Manager v9.00.0100 | 9.00.0100
LiveUpdate | LiveUpdate 3.3 (Symantec Corporation) | 3.3.0.96
{1CD3B8BB-3057-4B8E-AFDB-D99F8547B02D} | CrashPlan PRO Server | 1.09.1019
{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | Microsoft Visual C++ 2005 Redistributable | 8.0.61001
{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2416472 | Security Update for Microsoft .NET Framework 4 Extended (KB2416472) | 1
{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871 | Update for Microsoft .NET Framework 4 Extended (KB2468871) | 1
{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2487367 | Security Update for Microsoft .NET Framework 4 Extended (KB2487367) | 1
{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523 | Update for Microsoft .NET Framework 4 Extended (KB2533523) | 1
{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217 | Update for Microsoft .NET Framework 4 Extended (KB2600217) | 1
{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2656351 | Security Update for Microsoft .NET Framework 4 Extended (KB2656351) | 1
{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2736428 | Security Update for Microsoft .NET Framework 4 Extended (KB2736428) | 1
{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2742595 | Security Update for Microsoft .NET Framework 4 Extended (KB2742595) | 1
{921738A4-E6C2-45C8-80AF-4B7A228E3AD4} | MegaRAID Storage Manager v9.00.0100 | 9.00.0100
{C06DA922-6C85-43A2-993F-744F399BF7D4} | Dell System E-support Tool | 2.1
{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871 | Update for Microsoft .NET Framework 4 Client Profile (KB2468871) | 1
{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228 | Update for Microsoft .NET Framework 4 Client Profile (KB2473228) | 1
{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2518870 | Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) | 1
{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523 | Update for Microsoft .NET Framework 4 Client Profile (KB2533523) | 1
{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2539636 | Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) | 1
{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2572078 | Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) | 1
{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217 | Update for Microsoft .NET Framework 4 Client Profile (KB2600217) | 1
{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2604121 | Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) | 1
{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2633870 | Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) | 1
{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656351 | Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) | 1
{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656368 | Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) | 1
{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656368v2 | Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) | 2
{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656405 | Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) | 1
{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2686827 | Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) | 1
{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2729449 | Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) | 1
{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2736428 | Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) | 1
{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2737019 | Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) | 1
{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2742595 | Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) | 1
{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2789642 | Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) | 1
Severity:
2
Title:
Real Name of Built-in Guest Account Enumerated
QID:
90266
Category:
Windows
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
08/30/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Microsoft best practices documents recommend renaming the built-in Guest account. This test enumerates the actual name of the built-in Guest account.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
cas.guest
Severity:
2
Title:
Microsoft Windows Users With Privilege - Assign Primary Token Privilege
QID:
105099
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/25/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The SeAssignPrimaryTokenPrivilege setting at the host is enumerated. By default Local Service and Network Service have this privilege. Local System has the privilege inherently.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Type: CobIT
Section: DS5.4
Description: User Account Management Ensure that requesting, establishing, issuing, suspending, modifying and closing user accounts and related user privileges are addressed by user account management. An approval procedure outlining the data or system owner granting the access privileges should be included. These procedures should apply for all users, including administrators (privileged users), internal and external users, for normal and emergency cases. Rights and obligations relative to access to enterprise systems and information are contractually arranged for all types of users. Perform regular management review of all accounts and related privileges.

EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Network_Service
Local_Service
Severity:
2
Title:
Microsoft Windows Users With Privilege - Audit Privilege
QID:
105100
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/21/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The SeAuditPrivilege setting at the host is enumerated. By default Local Service and Network Service accounts have this privilege. Local System has the privilege inherently.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Network_Service
Local_Service
Severity:
2
Title:
Microsoft Windows Users With Privilege - Backup Files and Directories
QID:
105101
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/21/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The SeBackupPrivilege setting allows the user to circumvent file and directory permissions to back up the system. The privilege is selected only when an application attempts access by using the NTFS backup application programming interface (API). Otherwise, normal file and directory permissions apply. By default, administrators and backup operators have access.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Type: CobIT
Section: DS5.4
Description: User Account Management Ensure that requesting, establishing, issuing, suspending, modifying and closing user accounts and related user privileges are addressed by user account management. An approval procedure outlining the data or system owner granting the access privileges should be included. These procedures should apply for all users, including administrators (privileged users), internal and external users, for normal and emergency cases. Rights and obligations relative to access to enterprise systems and information are contractually arranged for all types of users. Perform regular management review of all accounts and related privileges.

EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Backup_Operators
Administrators
Severity:
2
Title:
Microsoft Windows Users With Privilege - Change Notify
QID:
105102
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/21/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Allows a user to pass through folders to which the user otherwise has no access while navigating an object path in the NTFS file system or in the registry. This privilege does not allow the user to list the contents of a folder; it allows the user only to traverse its directories. By default, administrators, backup operators, power users, and users have this privilege.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Type: CobIT
Section: DS5.4
Description: User Account Management Ensure that requesting, establishing, issuing, suspending, modifying and closing user accounts and related user privileges are addressed by user account management. An approval procedure outlining the data or system owner granting the access privileges should be included. These procedures should apply for all users, including administrators (privileged users), internal and external users, for normal and emergency cases. Rights and obligations relative to access to enterprise systems and information are contractually arranged for all types of users. Perform regular management review of all accounts and related privileges.

EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Backup_Operators
Administrators
Network_Service
Local_Service
Authenticated_Users
Severity:
2
Title:
Microsoft Windows Users With Privilege - Create Global Objects
QID:
105103
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/21/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The SeCreateGlobalPrivilege setting at the host is enumerated. This privilege is required to create named file mapping objects in the global namespace during Terminal Services sessions. This privilege is enabled by default for administrators, services and the Local System account.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Type: CobIT
Section: DS5.9
Description: Malicious Software Prevention, Detection and Correction Ensure that preventive, detective and corrective measures are in place (especially up-to-date security patches and virus control) across the organisation to protect information systems and technology from malware (viruses, worms, spyware, spam, internally developed fraudulent software, etc.).

EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Service_Logon
Administrators
Network_Service
Local_Service
Severity:
2
Title:
Microsoft Windows Users With Privilege - Create Page File
QID:
105104
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/21/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The SeCreatePagefile privilege setting at the host is enumerated. This allows users to create and change the size of a page file. This is done by specifying a page file size for a particular drive in the "performance options" box on the Advanced tab of System Properties. By default administrators have this privilege.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Administrators
Severity:
2
Title:
Microsoft Windows Users With Privilege - Impersonate
QID:
105109
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/21/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The SeImpersonatePrivilege setting at the host is enumerated. This allows a user to impersonate a client after authentication.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Service_Logon
Administrators
Network_Service
Local_Service
Severity:
2
Title:
Microsoft Windows Users With Privilege - Increase Base Priority
QID:
105110
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/21/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The SeIncreaseBasePriorityPrivilege setting at the host is enumerated. This allows a user to increase the base priority class of a process. By default administrators have this privilege.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Type: CobIT
Section: DS5.4
Description: User Account Management Ensure that requesting, establishing, issuing, suspending, modifying and closing user accounts and related user privileges are addressed by user account management. An approval procedure outlining the data or system owner granting the access privileges should be included. These procedures should apply for all users, including administrators (privileged users), internal and external users, for normal and emergency cases. Rights and obligations relative to access to enterprise systems and information are contractually arranged for all types of users. Perform regular management review of all accounts and related privileges.

EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Administrators
Severity:
2
Title:
Microsoft Windows Users With Privilege - Increase Quota
QID:
105111
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/21/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The SeIncreaseQuotaPrivilege setting at the host is enumerated. This allows a process that has access to a second process to increase the processor quota assigned to the second process. By default administrators, Local Service and Network Service have this privilege.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Administrators
Network_Service
Local_Service
Severity:
2
Title:
Microsoft Windows Users With Privilege - Load Drivers
QID:
105112
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/21/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The SeLoadDriverPrivilege setting at the host is enumerated. This allows a user to load or unload a driver. By default administrators have this privilege.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Administrators
Severity:
2
Title:
Microsoft Windows Users With Privilege - Profile Single Process
QID:
105114
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/21/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Allows a user to sample the performance of an application process. By default, administrators and power users have this privilege.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Type: CobIT
Section: DS5.4
Description: User Account Management Ensure that requesting, establishing, issuing, suspending, modifying and closing user accounts and related user privileges are addressed by user account management. An approval procedure outlining the data or system owner granting the access privileges should be included. These procedures should apply for all users, including administrators (privileged users), internal and external users, for normal and emergency cases. Rights and obligations relative to access to enterprise systems and information are contractually arranged for all types of users. Perform regular management review of all accounts and related privileges.

EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Administrators
Severity:
2
Title:
Microsoft Windows Users With Privilege - Remote Shutdown
QID:
105115
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/21/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The SeRemoteShutdownPrivilege setting at the host is enumerated. This allows users to shut down a system from a remote system.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Administrators
Severity:
2
Title:
Microsoft Windows Users With Privilege - Restore
QID:
105116
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/21/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The SeRestorePrivilege setting at the host is enumerated. This allows a user to circumvent file and directory permissions when restoring backed-up files and directories, and to set any valid security principal as the owner of an object. By default administrators and backup operators have this privilege.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Type: CobIT
Section: DS5.4
Description: User Account Management Ensure that requesting, establishing, issuing, suspending, modifying and closing user accounts and related user privileges are addressed by user account management. An approval procedure outlining the data or system owner granting the access privileges should be included. These procedures should apply for all users, including administrators (privileged users), internal and external users, for normal and emergency cases. Rights and obligations relative to access to enterprise systems and information are contractually arranged for all types of users. Perform regular management review of all accounts and related privileges.

EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Backup_Operators
Administrators
Severity:
2
Title:
Microsoft Windows Users With Privilege - Change Security Attributes
QID:
105117
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/21/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The SeSecurityPrivilege setting at the host is enumerated. This allows users to specify object access auditing options for individual resources such as files, Active Directory objects, and registry keys. By default, administrators have this privilege.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Administrators
Severity:
2
Title:
Microsoft Windows Users With Privilege - Shutdown
QID:
105118
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/21/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The SeShutdownPrivilege setting at the host is enumerated. This allows a user to shut down a local computer. By default, administrators, backup operators, power users and users have this privilege.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Backup_Operators
Administrators
Severity:
2
Title:
Microsoft Windows Users With Privilege - Manage Volumes
QID:
105119
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/21/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The SeManageVolumePrivilege setting at the host is enumerated. This allows a non-administrative or remote user to manage volumes or disks. By default administrators have this privilege.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Administrators
Severity:
2
Title:
Microsoft Windows Users With Privileges - Profile System
QID:
105122
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/21/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The SeSystemProfilePrivilege setting at the host is enumerated. This allows a user to sample the performance of system processes. By default administrators have this privilege.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Type: CobIT
Section: DS5.4
Description: User Account Management Ensure that requesting, establishing, issuing, suspending, modifying and closing user accounts and related user privileges are addressed by user account management. An approval procedure outlining the data or system owner granting the access privileges should be included. These procedures should apply for all users, including administrators (privileged users), internal and external users, for normal and emergency cases. Rights and obligations relative to access to enterprise systems and information are contractually arranged for all types of users. Perform regular management review of all accounts and related privileges.

EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Administrators
Severity:
2
Title:
Microsoft Windows Users With Privileges - Modify System Time
QID:
105123
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
11/22/2006
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The SeSystemTimePrivilege setting at the host is enumerated. This allows a user to adjust the time on the computer's internal clock. By default administrators and power users have this privilege.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Type: CobIT
Section: DS5.4
Description: User Account Management Ensure that requesting, establishing, issuing, suspending, modifying and closing user accounts and related user privileges are addressed by user account management. An approval procedure outlining the data or system owner granting the access privileges should be included. These procedures should apply for all users, including administrators (privileged users), internal and external users, for normal and emergency cases. Rights and obligations relative to access to enterprise systems and information are contractually arranged for all types of users. Perform regular management review of all accounts and related privileges.

EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Administrators
Local_Service
Severity:
2
Title:
Microsoft Windows Users With Privileges - Take Object Ownership
QID:
105124
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/21/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The SeTakeOwnershipPrivilege setting at the host is enumerated. This allows a user to take ownership of any securable object in the system including Active Directory objects, NTFS files and folders, printers, registry keys, services, processes and threads. By default administrators have this privilege.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Administrators
Severity:
2
Title:
Microsoft Windows Users With Privilege - Undock Privilege
QID:
105126
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/21/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The SeUndockPrivilege setting at the host is enumerated. This allows the user of a portable computer to undock the computer by selecting Eject PC on the Start menu.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Administrators
Severity:
2
Title:
Microsoft Windows Users With Rights - Logon as a Batch
QID:
105156
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/06/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The accounts with batch logon rights are enumerated.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Performance_Log_Users
Backup_Operators
Administrators
Severity:
2
Title:
Microsoft Windows Users With Rights - Interactive Logon
QID:
105157
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/06/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The accounts with interactive logon rights are enumerated.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Administrators
Severity:
2
Title:
Microsoft Windows Users With Rights - Network Logon
QID:
105158
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/06/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The accounts with network logon rights are enumerated.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Administrators
Authenticated_Users
Severity:
2
Title:
Microsoft Windows Users With Rights - Logon as a Service
QID:
105159
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/06/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The accounts with service logon rights are enumerated.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
ALL SERVICES
BUILTIN
Severity:
2
Title:
Microsoft Windows Users With Rights Denied - Logon as a Batch
QID:
105160
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/06/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The accounts for which the batch logon rights are explicitly denied are enumerated.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Type: CobIT
Section: DS5.4
Description: User Account Management Ensure that requesting, establishing, issuing, suspending, modifying and closing user accounts and related user privileges are addressed by user account management. An approval procedure outlining the data or system owner granting the access privileges should be included. These procedures should apply for all users, including administrators (privileged users), internal and external users, for normal and emergency cases. Rights and obligations relative to access to enterprise systems and information are contractually arranged for all types of users. Perform regular management review of all accounts and related privileges.

EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Guests
Domain_Admins_Group
Severity:
2
Title:
Microsoft Windows Users With Rights Denied - Interactive Logon
QID:
105161
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/06/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The accounts for which the interactive logon is explicitly denied are enumerated.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Guests
Domain_Admins_Group
Severity:
2
Title:
Microsoft Windows Users With Rights Denied - Network Logon
QID:
105162
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/06/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The accounts for which network logon is explicitly denied are enumerated.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Guests
Domain_Admins_Group
Severity:
2
Title:
Microsoft Windows Users With Rights Denied - Logon as a Service
QID:
105163
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/06/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The accounts with Service Logon rights explicitly denied are enumerated.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Guests
Domain_Admins_Group
Severity:
2
Title:
Windows Auto Reboot After Blue Screen Not Disabled
QID:
105172
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
04/12/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Auto Reboot after blue screen is enabled on the host. It can be used for activating planted applications that require reboot by causing a system error.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\SYSTEM\CurrentControlSet\Control\CrashControl AutoReboot = 1
Severity:
2
Title:
Microsoft Windows Win32 Services Security Analysis
QID:
105183
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
06/06/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
This test enumerates the security permissions of non-disabled services on the target Windows system.
IMPACT:
Unauthorized users might be able to control critical system components and modify their configuration.
SOLUTION:
Make sure only administrative users have access to the control of system services.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
NameAccessACL1ACL2ACL3
BFEAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
BFEAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
BFEAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
BFEAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
BFEAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
BFEAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
BFEAccess Allowed for Administratorsstop-servicepause-continue-service-
BFEAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
BFEAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
BFEAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
BFEAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
BITSAccess Allowed for Local Systemstandard-readstandard-write-ownerstandard-write-dac
BITSAccess Allowed for Local Systemstandard-deletequery-service-configchange-service-config
BITSAccess Allowed for Local Systemquery-service-statusenumerate-service-dependentsstart-service
BITSAccess Allowed for Local Systemstop-servicepause-continue-service-
BITSAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
BITSAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
BITSAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
BITSAccess Allowed for Administratorsstop-servicepause-continue-service-
BITS | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
BITS | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
BITS | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
BITS | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
ccEvtMgr | Access Allowed for Local System | standard-read | query-service-config | query-service-status
ccEvtMgr | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
ccEvtMgr | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
ccEvtMgr | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
ccEvtMgr | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
ccEvtMgr | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
ccEvtMgr | Access Allowed for Administrators | stop-service | pause-continue-service | -
ccEvtMgr | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
ccEvtMgr | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
ccEvtMgr | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
ccEvtMgr | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
ccSetMgr | Access Allowed for Local System | standard-read | query-service-config | query-service-status
ccSetMgr | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
ccSetMgr | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
ccSetMgr | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
ccSetMgr | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
ccSetMgr | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
ccSetMgr | Access Allowed for Administrators | stop-service | pause-continue-service | -
ccSetMgr | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
ccSetMgr | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
ccSetMgr | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
ccSetMgr | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
CertPropSvc | Access Allowed for Local System | standard-read | standard-write-owner | standard-write-dac
CertPropSvc | Access Allowed for Local System | standard-delete | query-service-config | change-service-config
CertPropSvc | Access Allowed for Local System | query-service-status | enumerate-service-dependents | start-service
CertPropSvc | Access Allowed for Local System | stop-service | pause-continue-service | -
CertPropSvc | Access Allowed for Administrators | standard-read | query-service-config | change-service-config
CertPropSvc | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
CertPropSvc | Access Allowed for Administrators | stop-service | pause-continue-service | nterrogate-service
CertPropSvc | Access Allowed for Administrators | service-user-defined-control | - | -
CertPropSvc | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
CertPropSvc | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
CertPropSvc | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
CertPropSvc | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
CertPropSvc | Access Allowed for S-1-5-80-446051430-1559341753-4161941529-1950928533-810483104 | start-service | stop-service | -
CrashPlanPROServer | Access Allowed for Local System | standard-read | query-service-config | query-service-status
CrashPlanPROServer | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
CrashPlanPROServer | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
CrashPlanPROServer | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
CrashPlanPROServer | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
CrashPlanPROServer | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
CrashPlanPROServer | Access Allowed for Administrators | stop-service | pause-continue-service | -
CrashPlanPROServer | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
CrashPlanPROServer | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
CrashPlanPROServer | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
CrashPlanPROServer | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
CryptSvc | Access Allowed for Local System | standard-read | query-service-config | query-service-status
CryptSvc | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
CryptSvc | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
CryptSvc | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
CryptSvc | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
CryptSvc | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
CryptSvc | Access Allowed for Administrators | stop-service | pause-continue-service | -
CryptSvc | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
CryptSvc | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
CryptSvc | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
CryptSvc | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
DcomLaunch | Access Allowed for Authenticated Users | standard-read | query-service-config | query-service-status
DcomLaunch | Access Allowed for Authenticated Users | nterrogate-service | - | -
DcomLaunch | Access Allowed for Local System | standard-read | standard-write-owner | standard-write-dac
DcomLaunch | Access Allowed for Local System | query-service-config | change-service-config | query-service-status
DcomLaunch | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
DcomLaunch | Access Allowed for Local System | pause-continue-service | nterrogate-service | -
DcomLaunch | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
DcomLaunch | Access Allowed for Administrators | query-service-config | query-service-status | enumerate-service-dependents
DcomLaunch | Access Allowed for Administrators | start-service | stop-service | pause-continue-service
DcomLaunch | Access Allowed for Administrators | nterrogate-service | - | -
DcomLaunch | Access Allowed for Users | query-service-config | query-service-status | nterrogate-service
Dhcp | Access Allowed for Authenticated Users | standard-read | query-service-config | query-service-status
Dhcp | Access Allowed for Authenticated Users | enumerate-service-dependents | nterrogate-service | service-user-defined-control
Dhcp | Access Allowed for Network Configuration Operators | standard-read | query-service-config | query-service-status
Dhcp | Access Allowed for Network Configuration Operators | enumerate-service-dependents | start-service | stop-service
Dhcp | Access Allowed for Network Configuration Operators | pause-continue-service | nterrogate-service | service-user-defined-control
Dhcp | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
Dhcp | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
Dhcp | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
Dhcp | Access Allowed for Administrators | stop-service | pause-continue-service | -
Dhcp | Access Allowed for Local | standard-read | query-service-config | query-service-status
Dhcp | Access Allowed for Local | enumerate-service-dependents | start-service | nterrogate-service
Dhcp | Access Allowed for Local | service-user-defined-control | - | -
Dhcp | Access Allowed for Local System | standard-read | query-service-config | query-service-status
Dhcp | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
Dhcp | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
Dnscache | Access Allowed for Users | standard-read | query-service-config | query-service-status
Dnscache | Access Allowed for Users | enumerate-service-dependents | start-service | nterrogate-service
Dnscache | Access Allowed for Users | service-user-defined-control | - | -
Dnscache | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
Dnscache | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
Dnscache | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
Dnscache | Access Allowed for Administrators | stop-service | pause-continue-service | -
Dnscache | Access Allowed for Local System | standard-read | query-service-config | query-service-status
Dnscache | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
Dnscache | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
Dnscache | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
Dnscache | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
Dnscache | Access Allowed for Network Service | standard-read | query-service-config | query-service-status
Dnscache | Access Allowed for Network Service | enumerate-service-dependents | nterrogate-service | -
Dnscache | Access Allowed for Local Service | standard-read | query-service-config | query-service-status
Dnscache | Access Allowed for Local Service | enumerate-service-dependents | nterrogate-service | -
Dnscache | Access Allowed for Network Configuration Operators | standard-read | query-service-config | query-service-status
Dnscache | Access Allowed for Network Configuration Operators | enumerate-service-dependents | pause-continue-service | nterrogate-service
Dnscache | Access Allowed for S-1-5-80-2940520708-3855866260-481812779-327648279-1710889582 | standard-read | query-service-config | query-service-status
Dnscache | Access Allowed for S-1-5-80-2940520708-3855866260-481812779-327648279-1710889582 | enumerate-service-dependents | pause-continue-service | nterrogate-service
Dnscache | Access Allowed for S-1-5-80-2940520708-3855866260-481812779-327648279-1710889582 | service-user-defined-control | - | -
DPS | Access Allowed for Local System | standard-read | standard-write-owner | standard-write-dac
DPS | Access Allowed for Local System | standard-delete | query-service-config | change-service-config
DPS | Access Allowed for Local System | query-service-status | enumerate-service-dependents | start-service
DPS | Access Allowed for Local System | stop-service | pause-continue-service | -
DPS | Access Allowed for Administrators | standard-read | query-service-config | change-service-config
DPS | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
DPS | Access Allowed for Administrators | stop-service | pause-continue-service | nterrogate-service
DPS | Access Allowed for Administrators | service-user-defined-control | - | -
DPS | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
DPS | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
DPS | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
DPS | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
eventlog | Access Allowed for Authenticated Users | standard-read | query-service-config | query-service-status
eventlog | Access Allowed for Authenticated Users | enumerate-service-dependents | nterrogate-service | service-user-defined-control
eventlog | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
eventlog | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
eventlog | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
eventlog | Access Allowed for Administrators | stop-service | pause-continue-service | -
eventlog | Access Allowed for Local System | standard-read | query-service-config | query-service-status
eventlog | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
eventlog | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
EventSystem | Access Allowed for Local System | standard-read | query-service-config | query-service-status
EventSystem | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
EventSystem | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
EventSystem | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
EventSystem | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
EventSystem | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
EventSystem | Access Allowed for Administrators | stop-service | pause-continue-service | -
EventSystem | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
EventSystem | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
EventSystem | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
EventSystem | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
FontCache | Access Allowed for Local System | standard-read | query-service-config | query-service-status
FontCache | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
FontCache | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
FontCache | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
FontCache | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
FontCache | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
FontCache | Access Allowed for Administrators | stop-service | pause-continue-service | -
FontCache | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
FontCache | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
FontCache | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
FontCache | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
FontCache | Access Allowed for Interactive Logon | start-service | - | -
FontCache | Access Allowed for Service Logon | start-service | - | -
FontCache | Access Allowed for S-1-15-2-1 | standard-read | query-service-config | query-service-status
FontCache | Access Allowed for S-1-15-2-1 | enumerate-service-dependents | start-service | nterrogate-service
FontCache | Access Allowed for S-1-15-2-1 | service-user-defined-control | - | -
gpsvc | Access Allowed for Local System | standard-read | standard-write-owner | standard-write-dac
gpsvc | Access Allowed for Local System | standard-delete | query-service-config | change-service-config
gpsvc | Access Allowed for Local System | query-service-status | enumerate-service-dependents | start-service
gpsvc | Access Allowed for Local System | stop-service | pause-continue-service | -
gpsvc | Access Allowed for Administrators | standard-read | query-service-config | query-service-status
gpsvc | Access Allowed for Administrators | enumerate-service-dependents | nterrogate-service | service-user-defined-control
gpsvc | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
gpsvc | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
gpsvc | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
gpsvc | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
IKEEXT | Access Allowed for Local System | standard-read | query-service-config | query-service-status
IKEEXT | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
IKEEXT | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
IKEEXT | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
IKEEXT | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
IKEEXT | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
IKEEXT | Access Allowed for Administrators | stop-service | pause-continue-service | -
IKEEXT | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
IKEEXT | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
IKEEXT | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
IKEEXT | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
iphlpsvc | Access Allowed for Local System | standard-read | query-service-config | query-service-status
iphlpsvc | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
iphlpsvc | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
iphlpsvc | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
iphlpsvc | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
iphlpsvc | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
iphlpsvc | Access Allowed for Administrators | stop-service | pause-continue-service | -
iphlpsvc | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
iphlpsvc | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
iphlpsvc | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
iphlpsvc | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
LanmanServer | Access Allowed for Local System | standard-read | query-service-config | query-service-status
LanmanServer | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
LanmanServer | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
LanmanServer | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
LanmanServer | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
LanmanServer | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
LanmanServer | Access Allowed for Administrators | stop-service | pause-continue-service | -
LanmanServer | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
LanmanServer | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
LanmanServer | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
LanmanServer | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
LanmanWorkstation | Access Allowed for Local System | standard-read | query-service-config | query-service-status
LanmanWorkstation | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
LanmanWorkstation | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
LanmanWorkstation | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
LanmanWorkstation | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
LanmanWorkstation | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
LanmanWorkstation | Access Allowed for Administrators | stop-service | pause-continue-service | -
LanmanWorkstation | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
LanmanWorkstation | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
LanmanWorkstation | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
LanmanWorkstation | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
lmhosts | Access Allowed for Local System | standard-read | query-service-config | query-service-status
lmhosts | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
lmhosts | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
lmhosts | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
lmhosts | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
lmhosts | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
lmhosts | Access Allowed for Administrators | stop-service | pause-continue-service | -
lmhosts | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
lmhosts | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
lmhosts | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
lmhosts | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
MegaMonitorSrv | Access Allowed for Local System | standard-read | query-service-config | query-service-status
MegaMonitorSrv | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
MegaMonitorSrv | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
MegaMonitorSrv | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
MegaMonitorSrv | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
MegaMonitorSrv | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
MegaMonitorSrv | Access Allowed for Administrators | stop-service | pause-continue-service | -
MegaMonitorSrv | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
MegaMonitorSrv | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
MegaMonitorSrv | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
MegaMonitorSrv | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
MpsSvc | Access Allowed for Local System | standard-read | query-service-config | query-service-status
MpsSvc | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
MpsSvc | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
MpsSvc | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
MpsSvc | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
MpsSvc | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
MpsSvc | Access Allowed for Administrators | stop-service | pause-continue-service | -
MpsSvc | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
MpsSvc | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
MpsSvc | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
MpsSvc | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
MpsSvc | Access Allowed for S-1-5-80-2006800713-1441093265-249754844-3404434343-1444102779 | query-service-config | query-service-status | start-service
MSDTC | Access Allowed for Local | standard-read | query-service-config | query-service-status
MSDTC | Access Allowed for Local | enumerate-service-dependents | start-service | nterrogate-service
MSDTC | Access Allowed for Local System | standard-read | query-service-config | change-service-config
MSDTC | Access Allowed for Local System | query-service-status | enumerate-service-dependents | start-service
MSDTC | Access Allowed for Local System | stop-service | pause-continue-service | nterrogate-service
MSDTC | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
MSDTC | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
MSDTC | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
MSDTC | Access Allowed for Administrators | stop-service | pause-continue-service | -
MSDTC | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
MSDTC | Access Allowed for Interactive Logon | enumerate-service-dependents | start-service | nterrogate-service
MSDTC | Access Allowed for Authenticated Users | standard-read | query-service-config | query-service-status
MSDTC | Access Allowed for Authenticated Users | enumerate-service-dependents | nterrogate-service | -
MSDTC | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
MSDTC | Access Allowed for Service Logon | enumerate-service-dependents | start-service | nterrogate-service
MSDTC | Access Allowed for S-1-5-80-3960419045-2460139048-4046793004-1809597027-2250574426 | standard-read | query-service-config | query-service-status
MSDTC | Access Allowed for S-1-5-80-3960419045-2460139048-4046793004-1809597027-2250574426 | enumerate-service-dependents | nterrogate-service | -
MSMFramework | Access Allowed for Local System | standard-read | query-service-config | query-service-status
MSMFramework | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
MSMFramework | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
MSMFramework | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
MSMFramework | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
MSMFramework | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
MSMFramework | Access Allowed for Administrators | stop-service | pause-continue-service | -
MSMFramework | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
MSMFramework | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
MSMFramework | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
MSMFramework | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
Netlogon | Access Allowed for Local System | standard-read | query-service-config | query-service-status
Netlogon | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
Netlogon | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
Netlogon | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
Netlogon | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
Netlogon | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
Netlogon | Access Allowed for Administrators | stop-service | pause-continue-service | -
Netlogon | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
Netlogon | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
Netlogon | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
Netlogon | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
Netman | Access Allowed for Local System | standard-read | query-service-config | query-service-status
Netman | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
Netman | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
Netman | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
Netman | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
Netman | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
Netman | Access Allowed for Administrators | stop-service | pause-continue-service | -
Netman | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
Netman | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
Netman | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
Netman | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
netprofm | Access Allowed for Local System | standard-read | query-service-config | query-service-status
netprofm | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
netprofm | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
netprofm | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
netprofm | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
netprofm | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
netprofm | Access Allowed for Administrators | stop-service | pause-continue-service | -
netprofm | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
netprofm | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
netprofm | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
netprofm | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
NlaSvc | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
NlaSvc | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
NlaSvc | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
NlaSvc | Access Allowed for Administrators | stop-service | pause-continue-service | -
NlaSvc | Access Allowed for Local System | standard-read | standard-write-owner | standard-write-dac
NlaSvc | Access Allowed for Local System | standard-delete | query-service-config | change-service-config
NlaSvc | Access Allowed for Local System | query-service-status | enumerate-service-dependents | start-service
NlaSvc | Access Allowed for Local System | stop-service | pause-continue-service | -
NlaSvc | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
NlaSvc | Access Allowed for Interactive Logon | enumerate-service-dependents | start-service | nterrogate-service
NlaSvc | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
NlaSvc | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
NlaSvc | Access Allowed for S-1-5-80-3141615172-2057878085-1754447212-2405740020-3916490453 | standard-read | query-service-config | query-service-status
NlaSvc | Access Allowed for S-1-5-80-3141615172-2057878085-1754447212-2405740020-3916490453 | enumerate-service-dependents | start-service | -
nsi | Access Allowed for Local System | standard-read | query-service-config | query-service-status
nsi | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
nsi | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
nsi | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
nsi | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
nsi | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
nsi | Access Allowed for Administrators | stop-service | pause-continue-service | -
nsi | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
nsi | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
nsi | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
nsi | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
PlugPlay | Access Allowed for Local System | standard-read | query-service-config | query-service-status
PlugPlay | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
PlugPlay | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
PlugPlay | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
PlugPlay | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
PlugPlay | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
PlugPlay | Access Allowed for Administrators | stop-service | pause-continue-service | -
PlugPlay | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
PlugPlay | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
PlugPlay | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
PlugPlay | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
PolicyAgent | Access Allowed for Local System | standard-read | query-service-config | query-service-status
PolicyAgent | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
PolicyAgent | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
PolicyAgent | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
PolicyAgent | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
PolicyAgent | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
PolicyAgent | Access Allowed for Administrators | stop-service | pause-continue-service | -
PolicyAgent | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
PolicyAgent | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
PolicyAgent | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
PolicyAgent | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
Power | Access Allowed for Local System | standard-read | query-service-config | query-service-status
Power | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
Power | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
Power | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
Power | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
Power | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
Power | Access Allowed for Administrators | stop-service | pause-continue-service | -
Power | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
Power | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
Power | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
Power | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
ProfSvc | Access Allowed for Local System | standard-read | query-service-config | query-service-status
ProfSvc | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
ProfSvcAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
ProfSvcAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
ProfSvcAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
ProfSvcAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
ProfSvcAccess Allowed for Administratorsstop-servicepause-continue-service-
ProfSvcAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
ProfSvcAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
ProfSvcAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
ProfSvcAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
RasManAccess Allowed for Authenticated Usersstandard-readquery-service-configquery-service-status
RasManAccess Allowed for Authenticated Usersenumerate-service-dependentsstart-servicenterrogate-service
RasManAccess Allowed for Authenticated Usersservice-user-defined-control--
RasManAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
RasManAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
RasManAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
RasManAccess Allowed for Administratorsstop-servicepause-continue-service-
RemoteRegistryAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
RemoteRegistryAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
RemoteRegistryAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
RemoteRegistryAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
RemoteRegistryAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
RemoteRegistryAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
RemoteRegistryAccess Allowed for Administratorsstop-servicepause-continue-service-
RemoteRegistryAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
RemoteRegistryAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
RemoteRegistryAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
RemoteRegistryAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
RpcEptMapperAccess Allowed for Authenticated Usersstandard-readquery-service-configquery-service-status
RpcEptMapperAccess Allowed for Authenticated Usersnterrogate-service--
RpcEptMapperAccess Allowed for Local Systemstandard-readstandard-write-ownerstandard-write-dac
RpcEptMapperAccess Allowed for Local Systemquery-service-configchange-service-configquery-service-status
RpcEptMapperAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
RpcEptMapperAccess Allowed for Local Systempause-continue-servicenterrogate-service-
RpcEptMapperAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
RpcEptMapperAccess Allowed for Administratorsquery-service-configquery-service-statusenumerate-service-dependents
RpcEptMapperAccess Allowed for Administratorsstart-servicestop-servicepause-continue-service
RpcEptMapperAccess Allowed for Administratorsnterrogate-service--
RpcEptMapperAccess Allowed for Usersquery-service-configquery-service-statusstart-service
RpcEptMapperAccess Allowed for Usersnterrogate-service--
RpcSsAccess Allowed for Authenticated Usersstandard-readquery-service-configquery-service-status
RpcSsAccess Allowed for Authenticated Usersnterrogate-service--
RpcSsAccess Allowed for Local Systemstandard-readstandard-write-ownerstandard-write-dac
RpcSsAccess Allowed for Local Systemquery-service-configchange-service-configquery-service-status
RpcSsAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
RpcSsAccess Allowed for Local Systempause-continue-servicenterrogate-service-
RpcSsAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
RpcSsAccess Allowed for Administratorsquery-service-configquery-service-statusenumerate-service-dependents
RpcSsAccess Allowed for Administratorsstart-servicestop-servicepause-continue-service
RpcSsAccess Allowed for Administratorsnterrogate-service--
RpcSsAccess Allowed for Usersquery-service-configquery-service-statusnterrogate-service
RSoPProvAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
RSoPProvAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
RSoPProvAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
RSoPProvAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
RSoPProvAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
RSoPProvAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
RSoPProvAccess Allowed for Administratorsstop-servicepause-continue-service-
RSoPProvAccess Allowed for Authenticated Usersstandard-readquery-service-configquery-service-status
RSoPProvAccess Allowed for Authenticated Usersenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
RSoPProvAccess Allowed for System Operatorsstandard-readstandard-write-ownerstandard-write-dac
RSoPProvAccess Allowed for System Operatorsstandard-deletequery-service-configchange-service-config
RSoPProvAccess Allowed for System Operatorsquery-service-statusenumerate-service-dependentsstart-service
RSoPProvAccess Allowed for System Operatorsstop-servicepause-continue-service-
SamSsAccess Allowed for Authenticated Usersstandard-readquery-service-configquery-service-status
SamSsAccess Allowed for Authenticated Usersenumerate-service-dependentsnterrogate-service-
SamSsAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
SamSsAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
SamSsAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
SamSsAccess Allowed for Administratorsstop-servicepause-continue-service-
SamSsAccess Allowed for Interactive Logonquery-service-configquery-service-statusenumerate-service-dependents
SamSsAccess Allowed for Interactive Logonnterrogate-service--
SamSsAccess Allowed for Usersquery-service-configquery-service-statusenumerate-service-dependents
SamSsAccess Allowed for Usersnterrogate-service--
ScheduleAccess Allowed for Authenticated Usersstandard-readquery-service-configquery-service-status
ScheduleAccess Allowed for Authenticated Usersenumerate-service-dependentsnterrogate-service-
ScheduleAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
ScheduleAccess Allowed for Administratorsquery-service-configquery-service-statusenumerate-service-dependents
ScheduleAccess Allowed for Administratorsstart-servicepause-continue-servicenterrogate-service
ScheduleAccess Allowed for Administratorsservice-user-defined-control--
ScheduleAccess Allowed for Local Systemstandard-readstandard-write-ownerstandard-write-dac
ScheduleAccess Allowed for Local Systemstandard-deletequery-service-configchange-service-config
ScheduleAccess Allowed for Local Systemquery-service-statusenumerate-service-dependentsstart-service
ScheduleAccess Allowed for Local Systemstop-servicepause-continue-service-
ScheduleAccess Allowed for Usersstandard-readquery-service-configquery-service-status
ScheduleAccess Allowed for Usersenumerate-service-dependentsnterrogate-service-
SENSAccess Allowed for Authenticated Usersstandard-readquery-service-configquery-service-status
SENSAccess Allowed for Authenticated Usersenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
SENSAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
SENSAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
SENSAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
SENSAccess Allowed for Administratorsstop-servicepause-continue-service-
SENSAccess Allowed for System Operatorsstandard-readstandard-write-ownerstandard-write-dac
SENSAccess Allowed for System Operatorsstandard-deletequery-service-configchange-service-config
SENSAccess Allowed for System Operatorsquery-service-statusenumerate-service-dependentsstart-service
SENSAccess Allowed for System Operatorsstop-servicepause-continue-service-
SENSAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
SENSAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
SENSAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
SessionEnvAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
SessionEnvAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
SessionEnvAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
SessionEnvAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
SessionEnvAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
SessionEnvAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
SessionEnvAccess Allowed for Administratorsstop-servicepause-continue-service-
SessionEnvAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
SessionEnvAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
SessionEnvAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
SessionEnvAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
SessionEnvAccess Allowed for S-1-5-80-446051430-1559341753-4161941529-1950928533-810483104start-servicestop-service-
SmcServiceAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
SmcServiceAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
SmcServiceAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
SmcServiceAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
SmcServiceAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
SmcServiceAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
SmcServiceAccess Allowed for Administratorsstop-servicepause-continue-service-
SmcServiceAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
SmcServiceAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
SmcServiceAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
SmcServiceAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
SplunkdAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
SplunkdAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
SplunkdAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
SplunkdAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
SplunkdAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
SplunkdAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
SplunkdAccess Allowed for Administratorsstop-servicepause-continue-service-
SplunkdAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
Results were truncated.
2
Microsoft Windows Driver Security Analysis
QID:
105184
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
06/06/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
This test enumerates the security permissions for driver objects on the target Windows system.
IMPACT:
Improper driver object security can let an unauthorized user control critical operating system components.
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Name | Access | ACL1 | ACL2 | ACL3
ACPI | Access Allowed for Local System | standard-read | query-service-config | query-service-status
ACPI | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
ACPI | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
ACPI | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
ACPI | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
ACPI | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
ACPI | Access Allowed for Administrators | stop-service | pause-continue-service | -
ACPI | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
ACPI | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
ACPI | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
ACPI | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
AcpiPmi | Access Allowed for Local System | standard-read | query-service-config | query-service-status
AcpiPmi | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
AcpiPmi | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
AcpiPmi | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
AcpiPmi | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
AcpiPmi | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
AcpiPmi | Access Allowed for Administrators | stop-service | pause-continue-service | -
AcpiPmi | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
AcpiPmi | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
AcpiPmi | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
AcpiPmi | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
AFD | Access Allowed for Local System | standard-read | query-service-config | query-service-status
AFD | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
AFD | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
AFD | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
AFD | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
AFD | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
AFD | Access Allowed for Administrators | stop-service | pause-continue-service | -
AFD | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
AFD | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
AFD | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
AFD | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
amdxata | Access Allowed for Local System | standard-read | query-service-config | query-service-status
amdxata | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
amdxata | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
amdxata | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
amdxata | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
amdxata | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
amdxata | Access Allowed for Administrators | stop-service | pause-continue-service | -
amdxata | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
amdxata | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
amdxata | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
amdxata | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
AsyncMac | Access Allowed for Local System | standard-read | query-service-config | query-service-status
AsyncMac | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
AsyncMac | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
AsyncMac | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
AsyncMac | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
AsyncMac | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
AsyncMac | Access Allowed for Administrators | stop-service | pause-continue-service | -
AsyncMac | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
AsyncMac | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
AsyncMac | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
AsyncMac | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
b06bdrv | Access Allowed for Local System | standard-read | query-service-config | query-service-status
b06bdrv | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
b06bdrv | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
b06bdrv | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
b06bdrv | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
b06bdrv | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
b06bdrv | Access Allowed for Administrators | stop-service | pause-continue-service | -
b06bdrv | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
b06bdrv | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
b06bdrv | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
b06bdrv | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
blbdrive | Access Allowed for Local System | standard-read | query-service-config | query-service-status
blbdrive | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
blbdrive | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
blbdrive | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
blbdrive | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
blbdrive | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
blbdrive | Access Allowed for Administrators | stop-service | pause-continue-service | -
blbdrive | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
blbdrive | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
blbdrive | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
blbdrive | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
Blfm | Access Allowed for Local System | standard-read | query-service-config | query-service-status
Blfm | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
Blfm | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
Blfm | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
Blfm | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
Blfm | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
Blfm | Access Allowed for Administrators | stop-service | pause-continue-service | -
Blfm | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
Blfm | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
Blfm | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
Blfm | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
bowser | Access Allowed for Local System | standard-read | query-service-config | query-service-status
bowser | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
bowser | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
bowser | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
bowser | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
bowser | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
bowser | Access Allowed for Administrators | stop-service | pause-continue-service | -
bowser | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
bowser | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
bowser | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
bowser | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
CLFS | Access Allowed for S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 | standard-read | standard-write-owner | standard-write-dac
CLFS | Access Allowed for S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 | standard-delete | query-service-config | change-service-config
CLFS | Access Allowed for S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 | query-service-status | enumerate-service-dependents | start-service
CLFS | Access Allowed for S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 | stop-service | pause-continue-service | -
CLFS | Access Allowed for Local System | standard-read | query-service-config | query-service-status
CLFS | Access Allowed for Local System | enumerate-service-dependents | nterrogate-service | -
CLFS | Access Allowed for Administrators | standard-read | query-service-config | query-service-status
CLFS | Access Allowed for Administrators | enumerate-service-dependents | nterrogate-service | -
CLFS | Access Allowed for Users | standard-read | query-service-config | query-service-status
CLFS | Access Allowed for Users | enumerate-service-dependents | nterrogate-service | -
CNG | Access Allowed for Local System | standard-read | query-service-config | query-service-status
CNG | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
CNG | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
CNG | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
CNG | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
CNG | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
CNG | Access Allowed for Administrators | stop-service | pause-continue-service | -
CNG | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
CNG | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
CNG | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
CNG | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
CompositeBus | Access Allowed for Local System | standard-read | query-service-config | query-service-status
CompositeBus | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
CompositeBus | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
CompositeBus | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
CompositeBus | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
CompositeBus | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
CompositeBus | Access Allowed for Administrators | stop-service | pause-continue-service | -
CompositeBus | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
CompositeBus | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
CompositeBus | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
CompositeBus | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
dcdbas | Access Allowed for Local System | standard-read | query-service-config | query-service-status
dcdbas | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
dcdbas | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
dcdbas | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
dcdbas | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
dcdbas | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
dcdbas | Access Allowed for Administrators | stop-service | pause-continue-service | -
dcdbas | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
dcdbas | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
dcdbas | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
dcdbas | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
DfsC | Access Allowed for Local System | standard-read | query-service-config | query-service-status
DfsC | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
DfsC | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
DfsC | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
DfsC | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
DfsC | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
DfsC | Access Allowed for Administrators | stop-service | pause-continue-service | -
DfsC | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
DfsC | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
DfsC | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
DfsC | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
discache | Access Allowed for Local System | standard-read | query-service-config | query-service-status
discache | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
discache | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
discache | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
discache | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
discache | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
discache | Access Allowed for Administrators | stop-service | pause-continue-service | -
discache | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
discache | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
discache | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
discache | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
Disk | Access Allowed for Local System | standard-read | query-service-config | query-service-status
Disk | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
Disk | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
Disk | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
Disk | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
Disk | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
Disk | Access Allowed for Administrators | stop-service | pause-continue-service | -
Disk | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
Disk | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
Disk | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
Disk | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
eeCtrl | Access Allowed for Local System | standard-read | query-service-config | query-service-status
eeCtrl | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
eeCtrl | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
eeCtrl | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
eeCtrl | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
eeCtrl | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
eeCtrl | Access Allowed for Administrators | stop-service | pause-continue-service | -
eeCtrl | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
eeCtrl | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
eeCtrl | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
eeCtrl | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
EraserUtilRebootDrv | Access Allowed for Local System | standard-read | query-service-config | query-service-status
EraserUtilRebootDrv | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
EraserUtilRebootDrv | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
EraserUtilRebootDrv | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
EraserUtilRebootDrv | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
EraserUtilRebootDrv | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
EraserUtilRebootDrv | Access Allowed for Administrators | stop-service | pause-continue-service | -
EraserUtilRebootDrv | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
EraserUtilRebootDrvAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
EraserUtilRebootDrvAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
EraserUtilRebootDrvAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
ErrDevAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
ErrDevAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
ErrDevAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
ErrDevAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
ErrDevAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
ErrDevAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
ErrDevAccess Allowed for Administratorsstop-servicepause-continue-service-
ErrDevAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
ErrDevAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
ErrDevAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
ErrDevAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
fastfatAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
fastfatAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
fastfatAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
fastfatAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
fastfatAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
fastfatAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
fastfatAccess Allowed for Administratorsstop-servicepause-continue-service-
fastfatAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
fastfatAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
fastfatAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
fastfatAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
FltMgrAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
FltMgrAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
FltMgrAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
FltMgrAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
FltMgrAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
FltMgrAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
FltMgrAccess Allowed for Administratorsstop-servicepause-continue-service-
FltMgrAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
FltMgrAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
FltMgrAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
FltMgrAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
HTTPAccess Allowed for Local Systemstandard-readstandard-write-ownerstandard-write-dac
HTTPAccess Allowed for Local Systemstandard-deletequery-service-configchange-service-config
HTTPAccess Allowed for Local Systemquery-service-statusenumerate-service-dependentsstart-service
HTTPAccess Allowed for Local Systemstop-servicepause-continue-service-
HTTPAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
HTTPAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
HTTPAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
HTTPAccess Allowed for Administratorsstop-servicepause-continue-service-
HTTPAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
HTTPAccess Allowed for Interactive Logonenumerate-service-dependentsstart-servicenterrogate-service
HTTPAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
HTTPAccess Allowed for Service Logonenumerate-service-dependentsstart-servicenterrogate-service
HTTPAccess Allowed for Batch Logonstandard-readquery-service-configquery-service-status
HTTPAccess Allowed for Batch Logonenumerate-service-dependentsstart-servicenterrogate-service
hwpolicyAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
hwpolicyAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
hwpolicyAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
hwpolicyAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
hwpolicyAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
hwpolicyAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
hwpolicyAccess Allowed for Administratorsstop-servicepause-continue-service-
hwpolicyAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
hwpolicyAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
hwpolicyAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
hwpolicyAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
intelppmAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
intelppmAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
intelppmAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
intelppmAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
intelppmAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
intelppmAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
intelppmAccess Allowed for Administratorsstop-servicepause-continue-service-
intelppmAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
intelppmAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
intelppmAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
intelppmAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
IPMIDRVAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
IPMIDRVAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
IPMIDRVAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
IPMIDRVAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
IPMIDRVAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
IPMIDRVAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
IPMIDRVAccess Allowed for Administratorsstop-servicepause-continue-service-
IPMIDRVAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
IPMIDRVAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
IPMIDRVAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
IPMIDRVAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
kbdclassAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
kbdclassAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
kbdclassAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
kbdclassAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
kbdclassAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
kbdclassAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
kbdclassAccess Allowed for Administratorsstop-servicepause-continue-service-
kbdclassAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
kbdclassAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
kbdclassAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
kbdclassAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
KSecDDAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
KSecDDAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
KSecDDAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
KSecDDAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
KSecDDAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
KSecDDAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
KSecDDAccess Allowed for Administratorsstop-servicepause-continue-service-
KSecDDAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
KSecDDAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
KSecDDAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
KSecDDAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
KSecPkgAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
KSecPkgAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
KSecPkgAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
KSecPkgAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
KSecPkgAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
KSecPkgAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
KSecPkgAccess Allowed for Administratorsstop-servicepause-continue-service-
KSecPkgAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
KSecPkgAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
KSecPkgAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
KSecPkgAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
l2ndAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
l2ndAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
l2ndAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
l2ndAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
l2ndAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
l2ndAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
l2ndAccess Allowed for Administratorsstop-servicepause-continue-service-
l2ndAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
l2ndAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
l2ndAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
l2ndAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
lltdioAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
lltdioAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
lltdioAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
lltdioAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
lltdioAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
lltdioAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
lltdioAccess Allowed for Administratorsstop-servicepause-continue-service-
lltdioAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
lltdioAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
lltdioAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
lltdioAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
luafvAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
luafvAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
luafvAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
luafvAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
luafvAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
luafvAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
luafvAccess Allowed for Administratorsstop-servicepause-continue-service-
luafvAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
luafvAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
luafvAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
luafvAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
megasasAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
megasasAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
megasasAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
megasasAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
megasasAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
megasasAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
megasasAccess Allowed for Administratorsstop-servicepause-continue-service-
megasasAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
megasasAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
megasasAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
megasasAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
megasas2Access Allowed for Local Systemstandard-readquery-service-configquery-service-status
megasas2Access Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
megasas2Access Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
megasas2Access Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
megasas2Access Allowed for Administratorsstandard-deletequery-service-configchange-service-config
megasas2Access Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
megasas2Access Allowed for Administratorsstop-servicepause-continue-service-
megasas2Access Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
megasas2Access Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
megasas2Access Allowed for Service Logonstandard-readquery-service-configquery-service-status
megasas2Access Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
monitorAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
monitorAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
monitorAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
monitorAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
monitorAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
monitorAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
monitorAccess Allowed for Administratorsstop-servicepause-continue-service-
monitorAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
monitorAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
monitorAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
monitorAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
mouclassAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
mouclassAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
mouclassAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
mouclassAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
mouclassAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
mouclassAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
mouclassAccess Allowed for Administratorsstop-servicepause-continue-service-
mouclassAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
mouclassAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
mouclassAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
mouclassAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
mountmgrAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
mountmgrAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
mountmgrAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
mountmgrAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
mountmgrAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
mountmgrAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
mountmgrAccess Allowed for Administratorsstop-servicepause-continue-service-
mountmgrAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
mountmgrAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
mountmgrAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
mountmgrAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
mpsdrvAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
mpsdrvAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
mpsdrvAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
mpsdrvAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
mpsdrvAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
mpsdrvAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
mpsdrvAccess Allowed for Administratorsstop-servicepause-continue-service-
mpsdrvAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
mpsdrvAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
mpsdrvAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
mpsdrvAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
mrxsmbAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
mrxsmbAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
mrxsmbAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
mrxsmbAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
mrxsmbAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
mrxsmbAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
mrxsmbAccess Allowed for Administratorsstop-servicepause-continue-service-
mrxsmbAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
mrxsmbAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
mrxsmbAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
mrxsmbAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
mrxsmb10Access Allowed for Local Systemstandard-readquery-service-configquery-service-status
mrxsmb10Access Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
mrxsmb10Access Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
mrxsmb10Access Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
mrxsmb10Access Allowed for Administratorsstandard-deletequery-service-configchange-service-config
mrxsmb10Access Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
mrxsmb10Access Allowed for Administratorsstop-servicepause-continue-service-
mrxsmb10Access Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
mrxsmb10Access Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
mrxsmb10Access Allowed for Service Logonstandard-readquery-service-configquery-service-status
mrxsmb10Access Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
mrxsmb20Access Allowed for Local Systemstandard-readquery-service-configquery-service-status
mrxsmb20Access Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
mrxsmb20Access Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
mrxsmb20Access Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
mrxsmb20Access Allowed for Administratorsstandard-deletequery-service-configchange-service-config
mrxsmb20Access Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
mrxsmb20Access Allowed for Administratorsstop-servicepause-continue-service-
mrxsmb20Access Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
mrxsmb20Access Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
mrxsmb20Access Allowed for Service Logonstandard-readquery-service-configquery-service-status
mrxsmb20Access Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
MsfsAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
MsfsAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
MsfsAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
MsfsAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
MsfsAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
MsfsAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
MsfsAccess Allowed for Administratorsstop-servicepause-continue-service-
MsfsAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
MsfsAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
MsfsAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
MsfsAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
msisadrvAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
msisadrvAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
msisadrvAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
msisadrvAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
msisadrvAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
msisadrvAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
msisadrvAccess Allowed for Administratorsstop-servicepause-continue-service-
msisadrvAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
msisadrvAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
msisadrvAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
msisadrvAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
mssmbiosAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
mssmbiosAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
mssmbiosAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
mssmbiosAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
mssmbiosAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
mssmbiosAccess Allowed for Administratorsquery-service-statusenumerate-service-dependentsstart-service
mssmbiosAccess Allowed for Administratorsstop-servicepause-continue-service-
mssmbiosAccess Allowed for Interactive Logonstandard-readquery-service-configquery-service-status
mssmbiosAccess Allowed for Interactive Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
mssmbiosAccess Allowed for Service Logonstandard-readquery-service-configquery-service-status
mssmbiosAccess Allowed for Service Logonenumerate-service-dependentsnterrogate-serviceservice-user-defined-control
MupAccess Allowed for Local Systemstandard-readquery-service-configquery-service-status
MupAccess Allowed for Local Systemenumerate-service-dependentsstart-servicestop-service
MupAccess Allowed for Local Systempause-continue-servicenterrogate-serviceservice-user-defined-control
MupAccess Allowed for Administratorsstandard-readstandard-write-ownerstandard-write-dac
MupAccess Allowed for Administratorsstandard-deletequery-service-configchange-service-config
Mup | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
Mup | Access Allowed for Administrators | stop-service | pause-continue-service | -
Mup | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
Mup | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
Mup | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
Mup | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
NAVENG | Access Allowed for Local System | standard-read | query-service-config | query-service-status
NAVENG | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
NAVENG | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
NAVENG | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
NAVENG | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
NAVENG | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
NAVENG | Access Allowed for Administrators | stop-service | pause-continue-service | -
NAVENG | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
NAVENG | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
NAVENG | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
NAVENG | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
NAVEX15 | Access Allowed for Local System | standard-read | query-service-config | query-service-status
NAVEX15 | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
NAVEX15 | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
NAVEX15 | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
NAVEX15 | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
NAVEX15 | Access Allowed for Administrators | query-service-status | enumerate-service-dependents | start-service
NAVEX15 | Access Allowed for Administrators | stop-service | pause-continue-service | -
NAVEX15 | Access Allowed for Interactive Logon | standard-read | query-service-config | query-service-status
NAVEX15 | Access Allowed for Interactive Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
NAVEX15 | Access Allowed for Service Logon | standard-read | query-service-config | query-service-status
NAVEX15 | Access Allowed for Service Logon | enumerate-service-dependents | nterrogate-service | service-user-defined-control
NDIS | Access Allowed for Local System | standard-read | query-service-config | query-service-status
NDIS | Access Allowed for Local System | enumerate-service-dependents | start-service | stop-service
NDIS | Access Allowed for Local System | pause-continue-service | nterrogate-service | service-user-defined-control
NDIS | Access Allowed for Administrators | standard-read | standard-write-owner | standard-write-dac
NDIS | Access Allowed for Administrators | standard-delete | query-service-config | change-service-config
Results were truncated.
Severity:
2
Title:
Microsoft Windows Effective Permission on Shares Enumerated
QID:
105185
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
07/22/2009
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Effective security permissions for shares on the target host are enumerated.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
SHARE | SHARE TYPE | ACE TYPE | NAME | PRIMARY GROUP | ACE1 | ACE2 | ACE3 | ADDITIONAL INFO
ADMIN$ | Hidden Directory | Access Allowed for Group | NT SERVICE\TrustedInstaller | NT SERVICE\TrustedInstaller | generic-all | standard-read | standard-write-owner | -
ADMIN$ | Hidden Directory | Access Allowed for Group | NT SERVICE\TrustedInstaller | NT SERVICE\TrustedInstaller | standard-write-dac | standard-delete | - | -
ADMIN$ | Hidden Directory | Access Allowed for Group | Local System | NT SERVICE\TrustedInstaller | generic-all | standard-read | standard-delete | -
ADMIN$ | Hidden Directory | Access Allowed for Group | Administrators | NT SERVICE\TrustedInstaller | generic-all | standard-read | standard-delete | -
ADMIN$ | Hidden Directory | Access Allowed for Group | Users | NT SERVICE\TrustedInstaller | generic-read | generic-execute | standard-read | -
ADMIN$ | Hidden Directory | Access Allowed for Group | Creator Owner | NT SERVICE\TrustedInstaller | generic-all | - | - | -
BackupServer | Directory | Access Allowed for Group | Local System | Domain Users Group | standard-read | standard-write-owner | standard-write-dac | -
BackupServer | Directory | Access Allowed for Group | Local System | Domain Users Group | standard-delete | - | - | -
BackupServer | Directory | Access Allowed for User | ASNTDOMAIN1\jamesfox.admin | Domain Users Group | standard-read | standard-write-owner | standard-write-dac | -
BackupServer | Directory | Access Allowed for User | ASNTDOMAIN1\jamesfox.admin | Domain Users Group | standard-delete | - | - | -
BackupServer | Directory | Access Allowed for Group | ASNTDOMAIN1\CAS Backup Machine Backup Accounts ASNTDOMAIN1 | Domain Users Group | standard-read | - | - | -
BackupServer | Directory | Access Allowed for Group | AD\CAS OU Admins | Domain Users Group | standard-read | standard-write-owner | standard-write-dac | -
BackupServer | Directory | Access Allowed for Group | AD\CAS OU Admins | Domain Users Group | standard-delete | - | - | -
BackupServer | Directory | Access Allowed for User | AD\thensley.adm | Domain Users Group | standard-read | standard-write-owner | standard-write-dac | -
BackupServer | Directory | Access Allowed for User | AD\thensley.adm | Domain Users Group | standard-delete | - | - | -
BackupServer | Directory | Access Allowed for User | AD\jamesfox.adm | Domain Users Group | standard-read | - | - | -
BackupServer | Directory | Access Allowed for Group | AD\CAS Backup Machine Backup Accounts | Domain Users Group | standard-read | standard-write-owner | standard-write-dac | -
BackupServer | Directory | Access Allowed for Group | AD\CAS Backup Machine Backup Accounts | Domain Users Group | standard-delete | - | - | -
BackupServer | Directory | Access Allowed for Group | Administrators | Domain Users Group | standard-read | standard-write-owner | standard-write-dac | -
BackupServer | Directory | Access Allowed for Group | Administrators | Domain Users Group | standard-delete | - | - | -
BackupServer | Directory | Access Allowed for Group | Domain Admins Group | Domain Users Group | standard-read | standard-write-owner | standard-write-dac | -
BackupServer | Directory | Access Allowed for Group | Domain Admins Group | Domain Users Group | standard-delete | - | - | -
BackupServer | Directory | Access Allowed for User | AD\cas bob-backup.svc | Domain Users Group | standard-read | standard-delete | - | -
C$ | Hidden Directory | Access Allowed for Group | Local System | NT SERVICE\TrustedInstaller | standard-read | standard-write-owner | standard-write-dac | -
C$ | Hidden Directory | Access Allowed for Group | Local System | NT SERVICE\TrustedInstaller | standard-delete | - | - | -
C$ | Hidden Directory | Access Allowed for Group | Administrators | NT SERVICE\TrustedInstaller | standard-read | standard-write-owner | standard-write-dac | -
C$ | Hidden Directory | Access Allowed for Group | Administrators | NT SERVICE\TrustedInstaller | standard-delete | - | - | -
C$ | Hidden Directory | Access Allowed for Group | Users | NT SERVICE\TrustedInstaller | standard-read | - | - | -
C$ | Hidden Directory | Access Allowed for Group | Creator Owner | NT SERVICE\TrustedInstaller | generic-all | - | - | -
Citrix PVS Vdisks | Directory | Access Allowed for Group | All | Domain Users Group | standard-read | standard-write-owner | standard-write-dac | -
Citrix PVS Vdisks | Directory | Access Allowed for Group | All | Domain Users Group | standard-delete | - | - | -
Citrix PVS Vdisks | Directory | Access Allowed for Group | Local System | Domain Users Group | standard-read | standard-write-owner | standard-write-dac | -
Citrix PVS Vdisks | Directory | Access Allowed for Group | Local System | Domain Users Group | standard-delete | - | - | -
Citrix PVS Vdisks | Directory | Access Allowed for User | AD\tcandrew.adm | Domain Users Group | standard-read | standard-write-owner | standard-write-dac | -
Citrix PVS Vdisks | Directory | Access Allowed for User | AD\tcandrew.adm | Domain Users Group | standard-delete | - | - | -
Citrix PVS Vdisks | Directory | Access Allowed for Group | Administrators | Domain Users Group | standard-read | standard-write-owner | standard-write-dac | -
Citrix PVS Vdisks | Directory | Access Allowed for Group | Administrators | Domain Users Group | standard-delete | - | - | -
D$ | Hidden Directory | Access Allowed for Group | Administrators | Local System | standard-read | - | - | -
D$ | Hidden Directory | Access Allowed for Group | Local System | Local System | standard-read | - | - | -
D$ | Hidden Directory | Access Allowed for Group | Users | Local System | standard-read | - | - | -
D$ | Hidden Directory | Access Allowed for Group | All | Local System | standard-read | - | - | -
E$ | Hidden Directory | Access Allowed for Group | Administrators | Local System | standard-read | - | - | -
E$ | Hidden Directory | Access Allowed for Group | Local System | Local System | standard-read | - | - | -
E$ | Hidden Directory | Access Allowed for Group | Users | Local System | standard-read | - | - | -
E$ | Hidden Directory | Access Allowed for Group | All | Local System | standard-read | - | - | -
F$ | Hidden Directory | Access Allowed for Group | Administrators | Local System | standard-read | - | - | -
F$ | Hidden Directory | Access Allowed for Group | Local System | Local System | standard-read | - | - | -
F$ | Hidden Directory | Access Allowed for Group | Users | Local System | standard-read | - | - | -
F$ | Hidden Directory | Access Allowed for Group | All | Local System | standard-read | - | - | -
IPC$ | Hidden_IPC | No_Explicit_DACLS | - | - | - | - | - | Results_may_be_incomplete
svag | Directory | Access Allowed for User | AD\cas svag1 sql.svc | Domain Users Group | standard-read | standard-delete | - | -
svag | Directory | Access Allowed for Group | Local System | Domain Users Group | standard-read | standard-write-owner | standard-write-dac | -
svag | Directory | Access Allowed for Group | Local System | Domain Users Group | standard-delete | - | - | -
svag | Directory | Access Allowed for User | ASNTDOMAIN1\jamesfox.admin | Domain Users Group | standard-read | standard-write-owner | standard-write-dac | -
svag | Directory | Access Allowed for User | ASNTDOMAIN1\jamesfox.admin | Domain Users Group | standard-delete | - | - | -
svag | Directory | Access Allowed for Group | ASNTDOMAIN1\CAS Backup Machine Backup Accounts ASNTDOMAIN1 | Domain Users Group | standard-read | - | - | -
svag | Directory | Access Allowed for Group | AD\CAS OU Admins | Domain Users Group | standard-read | standard-write-owner | standard-write-dac | -
svag | Directory | Access Allowed for Group | AD\CAS OU Admins | Domain Users Group | standard-delete | - | - | -
svag | Directory | Access Allowed for User | AD\thensley.adm | Domain Users Group | standard-read | standard-write-owner | standard-write-dac | -
svag | Directory | Access Allowed for User | AD\thensley.adm | Domain Users Group | standard-delete | - | - | -
svag | Directory | Access Allowed for Group | AD\CAS Backup Machine Backup Accounts | Domain Users Group | standard-read | standard-write-owner | standard-write-dac | -
svag | Directory | Access Allowed for Group | AD\CAS Backup Machine Backup Accounts | Domain Users Group | standard-delete | - | - | -
svag | Directory | Access Allowed for Group | Administrators | Domain Users Group | standard-read | standard-write-owner | standard-write-dac | -
svag | Directory | Access Allowed for Group | Administrators | Domain Users Group | standard-delete | - | - | -
Severity:
2
Title:
Microsoft Windows Hardening - Service Configuration
QID:
105187
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
06/06/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The service configuration for each win32 service, including the service startup type and service account name, is enumerated.

Turning off non-essential services is an important step in hardening a Windows system.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Name | Starttype | AccountName
Application Experience | Manual | localSystem
Application Layer Gateway Service | Manual | NT AUTHORITY\LocalService
Application Identity | Manual | NT Authority\LocalService
Application Information | Manual | LocalSystem
Application Management | Manual | LocalSystem
ASP.NET State Service | Manual | NT AUTHORITY\NetworkService
Windows Audio Endpoint Builder | Manual | LocalSystem
Windows Audio | Manual | NT AUTHORITY\LocalService
Base Filtering Engine | Automatic | NT AUTHORITY\LocalService
Background Intelligent Transfer Service | Manual | LocalSystem
Computer Browser | Disabled | LocalSystem
Symantec Event Manager | Automatic | LocalSystem
Symantec Settings Manager | Automatic | LocalSystem
Certificate Propagation | Manual | LocalSystem
Microsoft .NET Framework NGEN v2.0.50727 X86 | Disabled | LocalSystem
Microsoft .NET Framework NGEN v2.0.50727 X64 | Disabled | LocalSystem
Microsoft .NET Framework NGEN v4.0.30319 X86 | Automatic | LocalSystem
Microsoft .NET Framework NGEN v4.0.30319 X64 | Automatic | LocalSystem
COM+ System Application | Manual | LocalSystem
CrashPlan PRO Server | Automatic | LocalSystem
Cryptographic Services | Automatic | NT Authority\NetworkService
DCOM Server Process Launcher | Automatic | LocalSystem
Disk Defragmenter | Manual | localSystem
DHCP Client | Automatic | NT Authority\LocalService
DNS Client | Automatic | NT AUTHORITY\NetworkService
Wired AutoConfig | Manual | localSystem
Diagnostic Policy Service | Automatic | NT AUTHORITY\LocalService
Extensible Authentication Protocol | Manual | localSystem
Encrypting File System (EFS) | Manual | LocalSystem
Windows Event Log | Automatic | NT AUTHORITY\LocalService
COM+ Event System | Automatic | NT AUTHORITY\LocalService
Microsoft Fibre Channel Platform Registration Service | Manual | NT AUTHORITY\LocalService
Function Discovery Provider Host | Manual | NT AUTHORITY\LocalService
Function Discovery Resource Publication | Manual | NT AUTHORITY\LocalService
Windows Font Cache Service | Automatic | NT AUTHORITY\LocalService
Group Policy Client | Automatic | LocalSystem
Human Interface Device Access | Manual | LocalSystem
Health Key and Certificate Management | Manual | localSystem
InstallDriver Table Manager | Manual | LocalSystem
IKE and AuthIP IPsec Keying Modules | Automatic | LocalSystem
PnP-X IP Bus Enumerator | Disabled | LocalSystem
IP Helper | Automatic | LocalSystem
CNG Key Isolation | Manual | LocalSystem
KtmRm for Distributed Transaction Coordinator | Manual | NT AUTHORITY\NetworkService
Server | Automatic | LocalSystem
Workstation | Automatic | NT AUTHORITY\NetworkService
LiveUpdate | Manual | LocalSystem
Link-Layer Topology Discovery Mapper | Manual | NT AUTHORITY\LocalService
TCP/IP NetBIOS Helper | Automatic | NT AUTHORITY\LocalService
MRMonitor | Automatic | LocalSystem
Multimedia Class Scheduler | Manual | LocalSystem
Windows Firewall | Automatic | NT Authority\LocalService
Distributed Transaction Coordinator | Automatic | NT AUTHORITY\NetworkService
Microsoft iSCSI Initiator Service | Manual | LocalSystem
Windows Installer | Manual | LocalSystem
MSMFramework | Automatic | LocalSystem
Network Access Protection Agent | Manual | NT AUTHORITY\NetworkService
Netlogon | Automatic | LocalSystem
Network Connections | Manual | LocalSystem
Net.Msmq Listener Adapter | Disabled | NT AUTHORITY\NetworkService
Net.Pipe Listener Adapter | Disabled | NT AUTHORITY\LocalService
Network List Service | Manual | NT AUTHORITY\LocalService
Net.Tcp Listener Adapter | Disabled | NT AUTHORITY\LocalService
Net.Tcp Port Sharing Service | Disabled | NT AUTHORITY\LocalService
Network Location Awareness | Automatic | NT AUTHORITY\NetworkService
Network Store Interface Service | Automatic | NT Authority\LocalService
Performance Counter DLL Host | Manual | NT AUTHORITY\LocalService
Performance Logs & Alerts | Manual | NT AUTHORITY\LocalService
Plug and Play | Automatic | LocalSystem
IPsec Policy Agent | Manual | NT Authority\NetworkService
Power | Automatic | LocalSystem
User Profile Service | Automatic | LocalSystem
Protected Storage | Manual | LocalSystem
Remote Access Auto Connection Manager | Manual | localSystem
Remote Access Connection Manager | Manual | localSystem
Routing and Remote Access | Disabled | localSystem
Remote Registry | Automatic | NT AUTHORITY\LocalService
RPC Endpoint Mapper | Automatic | NT AUTHORITY\NetworkService
Remote Procedure Call (RPC) Locator | Manual | NT AUTHORITY\NetworkService
Remote Procedure Call (RPC) | Automatic | NT AUTHORITY\NetworkService
Resultant Set of Policy Provider | Automatic | LocalSystem
Special Administration Console Helper | Manual | LocalSystem
Security Accounts Manager | Automatic | LocalSystem
Smart Card | Manual | NT AUTHORITY\LocalService
Task Scheduler | Automatic | LocalSystem
Smart Card Removal Policy | Manual | LocalSystem
Secondary Logon | Manual | LocalSystem
System Event Notification Service | Automatic | LocalSystem
Remote Desktop Configuration | Manual | localSystem
Internet Connection Sharing (ICS) | Automatic | LocalSystem
Shell Hardware Detection | Automatic | LocalSystem
Symantec Management Client | Automatic | LocalSystem
Symantec Network Access Control | Disabled | LocalSystem
SNMP Trap | Manual | NT AUTHORITY\LocalService
Splunkd | Automatic | LocalSystem
Splunkweb | Automatic | LocalSystem
Print Spooler | Automatic | LocalSystem
Software Protection | Automatic | NT AUTHORITY\NetworkService
SPP Notification Service | Manual | NT AUTHORITY\LocalService
SSDP Discovery | Disabled | NT AUTHORITY\LocalService
Secure Socket Tunneling Protocol Service | Manual | NT Authority\LocalService
Microsoft Software Shadow Copy Provider | Manual | LocalSystem
Telephony | Manual | NT AUTHORITY\NetworkService
TPM Base Services | Manual | NT AUTHORITY\LocalService
Remote Desktop Services | Manual | NT Authority\NetworkService
Thread Ordering Server | Manual | NT AUTHORITY\LocalService
Distributed Link Tracking Client | Automatic | LocalSystem
Windows Modules Installer | Manual | localSystem
Interactive Services Detection | Manual | LocalSystem
Remote Desktop Services UserMode Port Redirector | Manual | localSystem
UPnP Device Host | Disabled | NT AUTHORITY\LocalService
Desktop Window Manager Session Manager | Automatic | localSystem
Credential Manager | Manual | LocalSystem
Virtual Disk | Manual | LocalSystem
Volume Shadow Copy | Manual | LocalSystem
Windows Time | Manual | NT AUTHORITY\LocalService
Block Level Backup Engine Service | Manual | LocalSystem
Windows Color System | Manual | NT AUTHORITY\LocalService
Diagnostic Service Host | Manual | NT AUTHORITY\LocalService
Diagnostic System Host | Manual | LocalSystem
Windows Event Collector | Manual | NT AUTHORITY\NetworkService
Problem Reports and Solutions Control Panel Support | Manual | localSystem
Windows Error Reporting Service | Manual | localSystem
WinHTTP Web Proxy Auto-Discovery Service | Manual | NT AUTHORITY\LocalService
Windows Management Instrumentation | Automatic | localSystem
Windows Remote Management (WS-Management) | Automatic | NT AUTHORITY\NetworkService
WMI Performance Adapter | Manual | localSystem
Portable Device Enumerator Service | Manual | LocalSystem
Windows Update | Automatic | LocalSystem
Windows Driver Foundation - User-mode Driver Framework | Automatic | LocalSystem
Severity:
2
Title:
Microsoft Windows Folder Permission Check - Folders Under SystemRoot
QID:
105188
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/11/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Permissions for critical system files and folders are enumerated. Keeping these files and folders secure is critical for keeping the system secure.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Type: SOX
Section: N/A
Description: All critical network segments and those network segments containing servers/equipment performing production process/support of Sarbanes applications/data are protected by proven and tested firewalls at all network entry points.

EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
------------------------------------------------------------
%windir%
------------------------------------------------------------
SYSTEMaccess_allowed standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
Administratorsaccess_allowed standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
Usersaccess_allowed standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
Creator_Owneraccess_allowedinherit_only=true object_inherit=true container_inherit=truestandard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
------------------------------------------------------------
%windir%\AppPatch
------------------------------------------------------------
SYSTEMaccess_allowed standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
Administratorsaccess_allowed standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
Usersaccess_allowed standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
Creator_Owneraccess_allowedinherit_only=true object_inherit=true container_inherit=truestandard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
------------------------------------------------------------
%windir%\debug
------------------------------------------------------------
SYSTEMaccess_allowed standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
Administratorsaccess_allowed standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
Usersaccess_allowed standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
Creator_Owneraccess_allowedinherit_only=true object_inherit=true container_inherit=truestandard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
------------------------------------------------------------
%windir%\Help
------------------------------------------------------------
SYSTEMaccess_allowed standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
Administratorsaccess_allowed standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
Usersaccess_allowed standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
Creator_Owneraccess_allowedinherit_only=true object_inherit=true container_inherit=truestandard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
------------------------------------------------------------
%windir%\inf
------------------------------------------------------------
SYSTEMaccess_allowed standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
Administratorsaccess_allowed standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
Usersaccess_allowed standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
Creator_Owneraccess_allowedinherit_only=true object_inherit=true container_inherit=truestandard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
------------------------------------------------------------
%windir%\installer
------------------------------------------------------------
SYSTEMaccess_allowedobject_inherit=true container_inherit=truestandard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
Everyoneaccess_allowedobject_inherit=true container_inherit=truestandard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
Administratorsaccess_allowedobject_inherit=true container_inherit=truestandard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
------------------------------------------------------------
%windir%\media
------------------------------------------------------------
SYSTEMaccess_allowed standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
Administratorsaccess_allowed standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
Usersaccess_allowed standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
Creator_Owneraccess_allowedinherit_only=true object_inherit=true container_inherit=truestandard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
------------------------------------------------------------
%windir%\Registration
------------------------------------------------------------
Administratorsaccess_allowedobject_inherit=truestandard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
Everyoneaccess_allowedobject_inherit=truestandard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
SYSTEMaccess_allowedobject_inherit=truestandard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
------------------------------------------------------------
%windir%\security
------------------------------------------------------------
SYSTEMaccess_allowed standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
Administratorsaccess_allowed standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
Usersaccess_allowed standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
Creator_Owneraccess_allowedinherit_only=true object_inherit=true container_inherit=truestandard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
------------------------------------------------------------
%windir%\Temp
------------------------------------------------------------
Usersaccess_allowedcontainer_inherit=truestandard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
Administratorsaccess_allowed standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
SYSTEMaccess_allowed standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
Creator_Owneraccess_allowedinherit_only=true object_inherit=true container_inherit=truestandard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
------------------------------------------------------------
%ProgramFiles%\Common Files
------------------------------------------------------------
SYSTEMaccess_allowed standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
Administratorsaccess_allowed standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
Usersaccess_allowed standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
Creator_Owneraccess_allowedinherit_only=true object_inherit=true container_inherit=truestandard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
Severity:
2
Title:
Microsoft Windows Folder Permission Check - Folders Under System32
QID:
105189
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/11/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The permissions of critical folders under the System32 directory are enumerated.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
------------------------------------------------------------
%windir%\System32
------------------------------------------------------------
SYSTEM access_allowed standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
Administrators access_allowed standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
Users access_allowed standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
Creator_Owner access_allowed inherit_only=true object_inherit=true container_inherit=true standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
------------------------------------------------------------
%windir%\System32\ias
------------------------------------------------------------
Administrators access_allowed standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
NETWORK_SERVICE access_allowed standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
SYSTEM access_allowed standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
------------------------------------------------------------
%windir%\System32\Config
------------------------------------------------------------
SYSTEM access_allowed object_inherit=true container_inherit=true standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
Administrators access_allowed object_inherit=true container_inherit=true standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
Creator_Owner access_allowed inherit_only=true object_inherit=true container_inherit=true standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
------------------------------------------------------------
%windir%\System32\spool\printers
------------------------------------------------------------
Users access_allowed container_inherit=true standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
Administrators access_allowed standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
Creator_Owner access_allowed inherit_only=true object_inherit=true container_inherit=true standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
SYSTEM access_allowed object_inherit=true container_inherit=true standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
------------------------------------------------------------
%windir%\System32\LogFiles
------------------------------------------------------------
SYSTEM access_allowed standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
Administrators access_allowed standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
Users access_allowed standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
Creator_Owner access_allowed inherit_only=true object_inherit=true container_inherit=true standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
------------------------------------------------------------
%windir%\System32\inetsrv
------------------------------------------------------------
SYSTEM access_allowed standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
Administrators access_allowed standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
Users access_allowed standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
Creator_Owner access_allowed inherit_only=true object_inherit=true container_inherit=true standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
Expand Severity Title Port/Service
2
Microsoft Windows File Security Check - C: System Files
QID:
105190
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
04/13/2006
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The security permissions for system files which are located on C: (primary partition drive) are enumerated. It is important that these files are properly secured.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Type: HIPAA
Section: 164.308(a)(ii)(D)
Description: Password management (Addressable). Procedures for creating, changing, and safeguarding passwords.

Type: SOX
Section: N/A
Description: Every user has a confidential password for access into a Company's system resources. These passwords are: 1) Changed frequently, as all individual users are automatically required to change their passwords 2) The display and printing of passwords is masked, suppressed, or otherwise obscured so that unauthorized parties will not be able to observe or subsequently recover them.

EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
------------------------------------------------------------
c:\
------------------------------------------------------------
SYSTEM access_allowed object_inherit=true container_inherit=true standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
Administrators access_allowed object_inherit=true container_inherit=true standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
Users access_allowed object_inherit=true container_inherit=true standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
Creator_Owner access_allowed inherit_only=true object_inherit=true container_inherit=true standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
------------------------------------------------------------
%ProgramFiles%
------------------------------------------------------------
SYSTEM access_allowed standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
Administrators access_allowed standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
Users access_allowed standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
Creator_Owner access_allowed inherit_only=true object_inherit=true container_inherit=true standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
------------------------------------------------------------
%CommonProgramFiles%
------------------------------------------------------------
SYSTEM access_allowed standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
Administrators access_allowed standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
Users access_allowed standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
Creator_Owner access_allowed inherit_only=true object_inherit=true container_inherit=true standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
Expand Severity Title Port/Service
2
Microsoft Windows Folder Security - Folders Under Document and Settings
QID:
105191
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/11/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The permissions of common folders under the Document and Settings folder are enumerated.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
------------------------------------------------------------
%userprofile%\Administrator
------------------------------------------------------------
SYSTEM access_allowed object_inherit=true container_inherit=true standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
Administrators access_allowed object_inherit=true container_inherit=true standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
cas.admin access_allowed object_inherit=true container_inherit=true standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
AD\semone.adm access_allowed object_inherit=true container_inherit=true standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
Expand Severity Title Port/Service
2
Administrator Group Members Enumerated
QID:
105231
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
08/30/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Members of the built-in Administrator Group are enumerated from the target Microsoft Windows system.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Administrators CAS-ENTBKUP1\cas.admin
Administrators AD\CAS_Server Admins
Administrators AD\CAS_OU Admins
Administrators AD\CAS_Backup Admins
Administrators AD\DOM_Qualys Scanners
Expand Severity Title Port/Service
2
Security Permissions for Important CIFS Pipes
QID:
105244
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
09/29/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The security permissions for important operating system created named pipes are enumerated from the target Microsoft Windows system.
IMPACT:
Critical system interfaces are exposed through several CIFS pipes. Insecure permission settings can aid unauthorized access.
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
------------------------------------------------------------
\SAMR
------------------------------------------------------------
Everyone access_allowed read_extended_attributes standard_read write_extended_attributes write_data write_attributes read_data read_attributes
AnonymousLogon access_allowed read_extended_attributes standard_read write_extended_attributes write_data write_attributes read_data read_attributes
Administrators access_allowed standard_write_owner standard_write_dac standard_read write_attributes read_attributes delete_child read_extended_attributes execute write_extended_attributes write_data append_data read_data standard_delete
------------------------------------------------------------
\eventlog
------------------------------------------------------------
Everyone access_allowed read_extended_attributes standard_read write_extended_attributes write_data write_attributes read_data read_attributes
------------------------------------------------------------
\winreg
------------------------------------------------------------
Everyone access_allowed read_extended_attributes standard_read write_extended_attributes write_data write_attributes read_data read_attributes
AnonymousLogon access_allowed read_extended_attributes standard_read write_extended_attributes write_data write_attributes read_data read_attributes
------------------------------------------------------------
\srvsvc
------------------------------------------------------------
AnonymousLogon access_allowed read_extended_attributes standard_read write_extended_attributes write_data write_attributes read_data read_attributes
Everyone access_allowed read_extended_attributes standard_read write_extended_attributes write_data write_attributes read_data read_attributes
SYSTEM access_allowed standard_write_owner standard_write_dac standard_read write_attributes read_attributes delete_child read_extended_attributes execute write_extended_attributes write_data append_data read_data standard_delete
------------------------------------------------------------
\lsass
------------------------------------------------------------
Everyone access_allowed read_extended_attributes standard_read write_extended_attributes write_data write_attributes read_data read_attributes
AnonymousLogon access_allowed read_extended_attributes standard_read write_extended_attributes write_data write_attributes read_data read_attributes
Administrators access_allowed standard_write_owner standard_write_dac standard_read write_attributes read_attributes delete_child read_extended_attributes execute write_extended_attributes write_data append_data read_data standard_delete
------------------------------------------------------------
\svcctl
------------------------------------------------------------
Everyone access_allowed read_extended_attributes standard_read write_extended_attributes write_data write_attributes read_data read_attributes
AnonymousLogon access_allowed read_extended_attributes standard_read write_extended_attributes write_data write_attributes read_data read_attributes
Administrators access_allowed standard_write_owner standard_write_dac standard_read write_attributes read_attributes delete_child read_extended_attributes execute write_extended_attributes write_data append_data read_data standard_delete
------------------------------------------------------------
\wkssvc
------------------------------------------------------------
AnonymousLogon access_allowed read_extended_attributes standard_read write_extended_attributes write_data write_attributes read_data read_attributes
Everyone access_allowed read_extended_attributes standard_read write_extended_attributes write_data write_attributes read_data read_attributes
SYSTEM access_allowed standard_write_owner standard_write_dac standard_read write_attributes read_attributes delete_child read_extended_attributes execute write_extended_attributes write_data append_data read_data standard_delete
NETWORK_SERVICE access_allowed standard_write_owner standard_write_dac standard_read write_attributes read_attributes delete_child read_extended_attributes execute write_extended_attributes write_data append_data read_data standard_delete
------------------------------------------------------------
\NETLOGON
------------------------------------------------------------
Everyone access_allowed read_extended_attributes standard_read write_extended_attributes write_data write_attributes read_data read_attributes
AnonymousLogon access_allowed read_extended_attributes standard_read write_extended_attributes write_data write_attributes read_data read_attributes
Administrators access_allowed standard_write_owner standard_write_dac standard_read write_attributes read_attributes delete_child read_extended_attributes execute write_extended_attributes write_data append_data read_data standard_delete
Expand Severity Title Port/Service
2
Last Successful User Login
QID:
105311
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
02/01/2007
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The last successful user login was able to be determined. Refer to the Results section of this QID for details.
IMPACT:
Please make sure this finding is in compliance with your company's security policy.
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI
LastLoggedOnProvider = {6F45DC1E-5384-457A-BC13-2CD81B0D28ED}
HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI
LastLoggedOnSAMUser = AD\semone.adm
HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI
LastLoggedOnUser = AD\semone.adm
Expand Severity Title Port/Service
2
Windows Shares With Everyone Group Having Full Control
QID:
105316
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
09/18/2007
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
This vulnerability check gathers information about Windows shares in which the Everyone Group has full control permission. The Result section lists the group name which has full control for the "Everyone" group.
IMPACT:
Please make sure the information provided adheres to your company policy.
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
share | ACE TYPE | ACE1
Citrix PVS Vdisks | Everyone Group | Full-Control
Expand Severity Title Port/Service
2
Windows Shares With Everyone Group Having Any Access
QID:
105317
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
09/18/2007
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
This vulnerability check gathers information about Windows shares in which the Everyone Group has any access permission. The Result section lists the group name.
IMPACT:
Please make sure the information provided adheres to your company policy.
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
share | ACE TYPE
Citrix PVS Vdisks | Some access allowed for Everyone group
Expand Severity Title Port/Service
2
Microsoft Windows Permission on Shares Enumerated
QID:
105335
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
08/03/2009
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Security permissions for shares on the target host are enumerated.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
share | SHARE TYPE | ACE TYPE | NAME | OWNER | ACE1 | ACE2 | ACE3
ADMIN$ | Hidden_Directory | No_Explicit_DACLS | - | - | - | - | -
BackupServer | Directory | Access Allowed for Group | ASNTDOMAIN1\CAS Backup Machine Backup Accounts ASNTDOMAIN1 | AD\thensley.adm | standard-read | - | -
BackupServer | Directory | Access Allowed for Group | Domain Admins Group | AD\thensley.adm | standard-read | standard-write-owner | standard-write-dac
BackupServer | Directory | Access Allowed for Group | Domain Admins Group | AD\thensley.adm | standard-delete | - | -
BackupServer | Directory | Access Allowed for Group | AD\CAS OU Admins | AD\thensley.adm | standard-read | standard-write-owner | standard-write-dac
BackupServer | Directory | Access Allowed for Group | AD\CAS OU Admins | AD\thensley.adm | standard-delete | - | -
BackupServer | Directory | Access Allowed for Group | AD\CAS Backup Machine Backup Accounts | AD\thensley.adm | standard-read | - | -
BackupServer | Directory | Access Allowed for User | AD\cas bob-backup.svc | AD\thensley.adm | standard-read | standard-delete | -
BackupServer | Directory | Access Allowed for Group | Administrators | AD\thensley.adm | standard-read | standard-write-owner | standard-write-dac
BackupServer | Directory | Access Allowed for Group | Administrators | AD\thensley.adm | standard-delete | - | -
C$ | Hidden_Directory | No_Explicit_DACLS | - | - | - | - | -
Citrix PVS Vdisks | Directory | Access Allowed for Group | Administrators | AD\tcandrew.adm | standard-read | standard-write-owner | standard-write-dac
Citrix PVS Vdisks | Directory | Access Allowed for Group | Administrators | AD\tcandrew.adm | standard-delete | - | -
Citrix PVS Vdisks | Directory | Access Allowed for Group | All | AD\tcandrew.adm | standard-read | standard-write-owner | standard-write-dac
Citrix PVS Vdisks | Directory | Access Allowed for Group | All | AD\tcandrew.adm | standard-delete | - | -
D$ | Hidden_Directory | No_Explicit_DACLS | - | - | - | - | -
E$ | Hidden_Directory | No_Explicit_DACLS | - | - | - | - | -
F$ | Hidden_Directory | No_Explicit_DACLS | - | - | - | - | -
IPC$ | Hidden_IPC | No_Explicit_DACLS | - | - | - | - | -
svag | Directory | Access Allowed for Group | Administrators | AD\thensley.adm | standard-read | standard-write-owner | standard-write-dac
svag | Directory | Access Allowed for Group | Administrators | AD\thensley.adm | standard-delete | - | -
svag | Directory | Access Allowed for User | AD\cas svag1 sql.svc | AD\thensley.adm | standard-read | standard-delete | -
Expand Severity Title Port/Service
2
Web Server Probed For Various URL-Encoding Schemes Supported crashplan.oasis.unc.edu:4280/tcp
QID:
12059
Category:
CGI
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
02/12/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The target Web server was probed for various URL-encoding schemes that it supports.

Per this paper by Daniel Roelker that was presented at Defcon 11, popular Web servers like Microsoft IIS support a variety of encoding schemes for the URLs. These include Percent-escaped Hex Encoding, Double-percent Escaped Hex Encoding, Microsoft's %U Encoding, Percent-escaped 2-Byte UTF-8 Encoding, and Raw 2-Byte UTF-8 Encoding.

For a sample HTTP GET request, GET /. HTTP/1.0, the following illustrates the encoded URI under these schemes:


Percent-escaped Hex Encoding: GET /%2e HTTP/1.0

Double-percent Escaped Hex Encoding: GET /%252e HTTP/1.0

Percent-escaped 2-Byte UTF-8 Encoding: GET /%C0%AE HTTP/1.0

Raw 2-Byte UTF-8 Encoding: GET /\xC0\xAE HTTP/1.0 (Actual raw 0xC0 and 0xAE bytes)

Microsoft's %U Encoding: GET /%u002e HTTP/1.0

The supported encoding schemes are listed in the Results section.

URI encoding is relevant to Web server security since, as mentioned in the paper above, attackers could launch HTTP attacks while at the same time obfuscating the URIs to evade detection by Intrusion Detection Systems that are not capable of decoding the URIs.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Single-%-Escaped Hex-Encoding Supported
Expand Severity Title Port/Service
2
Web Server Probed For Various URL-Encoding Schemes Supported crashplan.oasis.unc.edu:4285/tcp
QID:
12059
Category:
CGI
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
02/12/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The target Web server was probed for various URL-encoding schemes that it supports.

Per this paper by Daniel Roelker that was presented at Defcon 11, popular Web servers like Microsoft IIS support a variety of encoding schemes for the URLs. These include Percent-escaped Hex Encoding, Double-percent Escaped Hex Encoding, Microsoft's %U Encoding, Percent-escaped 2-Byte UTF-8 Encoding, and Raw 2-Byte UTF-8 Encoding.

For a sample HTTP GET request, GET /. HTTP/1.0, the following illustrates the encoded URI under these schemes:


Percent-escaped Hex Encoding: GET /%2e HTTP/1.0

Double-percent Escaped Hex Encoding: GET /%252e HTTP/1.0

Percent-escaped 2-Byte UTF-8 Encoding: GET /%C0%AE HTTP/1.0

Raw 2-Byte UTF-8 Encoding: GET /\xC0\xAE HTTP/1.0 (Actual raw 0xC0 and 0xAE bytes)

Microsoft's %U Encoding: GET /%u002e HTTP/1.0

The supported encoding schemes are listed in the Results section.

URI encoding is relevant to Web server security since, as mentioned in the paper above, attackers could launch HTTP attacks while at the same time obfuscating the URIs to evade detection by Intrusion Detection Systems that are not capable of decoding the URIs.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Single-%-Escaped Hex-Encoding Supported
Expand Severity Title Port/Service
1
DNS Host Name
QID:
6
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/01/1999
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The fully qualified domain name of this host, if it was obtained from a DNS server, is displayed in the RESULT section.
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
IP address | Host name
152.2.41.22 | crashplan.oasis.unc.edu
Expand Severity Title Port/Service
1
Firewall Detected
QID:
34011
Category:
Firewall
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
10/16/2001
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
A packet filtering device protecting this IP was detected. This is likely to be a firewall or a router using access control lists (ACLs).
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Some of the ports filtered by the firewall are: 20, 21, 22, 23, 25, 53, 80, 111, 443, 1.

Listed below are the ports filtered by the firewall.
No response has been received when any of these ports is probed.
1-134,136-138,140-444,446-1705,1707-1999,2001-2146,2148-2512,2514-2701,
2703-3070,3072-3388,3390-4279,4281,4283-4284,4286-5630,5632-6128,6130-27598,
27600-42423,42425-49152,49155-65535
Expand Severity Title Port/Service
1
Network Adapter MAC Address
QID:
43007
Category:
Hardware
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
11/29/2004
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
It is possible to obtain the MAC address information of the network adapters on the target system. Various sources such as SNMP and NetBIOS provide such information. This vulnerability test attempts to gather and report on this information in a table format.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Method     MAC Address          Vendor
NBTSTAT    00:26:B9:5E:EF:86
Expand Severity Title Port/Service
1
Processor Information for Windows Target System
QID:
43113
Category:
Hardware
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
06/20/2006
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Processor information for the Windows target host is shown in the Result section.
IMPACT:
n/a
SOLUTION:
n/a
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\System\CurrentControlSet\Control\Session Manager\Environment
PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 26 Stepping 5, GenuineIntel
Expand Severity Title Port/Service
1
Target Network Information
QID:
45004
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
08/15/2013
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The information shown in the Result section was returned by the network infrastructure responsible for routing traffic from our cloud platform to the target network (where the scanner appliance is located).

This information was returned from: 1) the WHOIS service, or 2) the infrastructure provided by the closest gateway server to our cloud platform. If your ISP is routing traffic, your ISP's gateway server returned this information.

IMPACT:
This information can be used by malicious users to gather more information about the network infrastructure that may help in launching attacks against it.
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
The network handle is: UNCCH-NET
Network description:
University of North Carolina at Chapel Hill
Expand Severity Title Port/Service
1
Internet Service Provider
QID:
45005
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
08/15/2013
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The information shown in the Result section was returned by the network infrastructure responsible for routing traffic from our cloud platform to the target network (where the scanner appliance is located).

This information was returned from: 1) the WHOIS service, or 2) the infrastructure provided by the closest gateway server to our cloud platform. If your ISP is routing traffic, your ISP's gateway server returned this information. This information was gathered using the WHOIS service for the network and is believed to be the ISP of the target network.

IMPACT:
This information can be used by malicious users to gather more information about the network infrastructure that may aid in launching further attacks against it.
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
The ISP network handle is: UNCCH-NET
ISP Network description:
University of North Carolina at Chapel Hill
Expand Severity Title Port/Service
1
Traceroute
QID:
45006
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/09/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Traceroute describes the path in realtime from the scanner to the remote host being contacted. It reports the IP addresses of all the routers in between.
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Hops  IP               Round Trip Time  Probe
1     152.2.20.1       0.55ms           ICMP
2     152.19.253.105   0.99ms           ICMP
3     152.19.255.254   1.24ms           ICMP
4     152.19.255.210   1.10ms           ICMP
5     152.2.41.22      1.04ms           ICMP
Expand Severity Title Port/Service
1
Disabled Accounts Enumerated From SAM Database
QID:
45027
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
10/29/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The Security Accounts Manager holds user and machine account information. The scanner found at least one disabled user or machine account in the SAM database for the target Windows machine. The accounts found are listed in the Results section.
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Disabled User/Machine Accounts:
cas.admin cas.guest
Expand Severity Title Port/Service
1
Administrator Account's Real Name Found From LSA Enumeration
QID:
45032
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
02/17/2004
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
LSA (Local Security Authority Database) is a protected subsystem that authenticates and logs users onto the local system.

Windows systems by default have the administrator account's name configured as "Administrator". This can very easily be changed to a non-default value (like root, for example) to harden security against password bruteforcing.

LSA, internally, refers to user accounts by what are called RIDs (Relative IDs) instead of the friendlier names (like "Administrator") used only for GUI and display purposes. The administrator account on any Windows system always has a RID of 500, even if the name has been changed.

The scanner probed the LSA for the name that maps to the RID of 500, which is the administrator account name, changed or unchanged. The name is listed in the Result section below.

SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
cas.admin
Expand Severity Title Port/Service
1
Host Scan Time
QID:
45038
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
11/18/2004
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The Host Scan Time is the period of time it takes the scanning engine to perform the vulnerability assessment of a single target host. The Host Scan Time for this host is reported in the Result section below.

The Host Scan Time does not have a direct correlation to the Duration time as displayed in the Report Summary section of a scan results report. The Duration is the period of time it takes the service to perform a scan task. The Duration includes the time it takes the service to scan all hosts, which may involve parallel scanning. It also includes the time it takes for a scanner appliance to pick up the scan task and transfer the results back to the service's Secure Operating Center. Further, when a scan task is distributed across multiple scanners, the Duration includes the time it takes to perform parallel host scanning on all scanners.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Scan duration: 2671 seconds

Start time: Sat, Mar 23 2013, 19:03:43 GMT

End time: Sat, Mar 23 2013, 19:48:14 GMT
Expand Severity Title Port/Service
1
Host Names Found
QID:
45039
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
02/14/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The following host names were discovered for this computer using various methods such as DNS look up, NetBIOS query, and SQL server name query.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Host Name                  Source
CAS-ENTBKUP1.ad.unc.edu    NTLM DNS
crashplan.oasis.unc.edu    FQDN
CAS-ENTBKUP1               NTLM NetBIOS
CAS-ENTBKUP1               NetBIOS
Expand Severity Title Port/Service
1
NTFS Settings Enumerated
QID:
45063
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
04/26/2006
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The NTFS settings on the target have been enumerated.
IMPACT:
n/a
SOLUTION:
For information on the significance of some of these settings, see this Microsoft TechNet article and this article published by a third party.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\SYSTEM\CurrentControlSet\Control\Filesystem
NtfsDisable8dot3NameCreation = 0
HKLM\SYSTEM\CurrentControlSet\Control\Filesystem
NtfsDisableLastAccessUpdate = 0
HKLM\SYSTEM\CurrentControlSet\Control\Filesystem
Win31FileSystem = 0
Expand Severity Title Port/Service
1
Interface Names and Assigned IP Address Enumerated from Registry
QID:
45099
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/17/2009
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Interface names and IP addresses assigned to those interfaces are listed for Windows 2000 and later versions of Microsoft Windows Operating system. This test obtains this list by querying the registry database.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Interface: Broadcom BCM5716C NetXtreme II GigE (NDIS VBD Client)
IP Address: 152.2.41.22
Expand Severity Title Port/Service
1
Microsoft Windows Management Instrumentation Service (WMI) Is Running
QID:
45183
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
12/04/2012
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Windows Management Instrumentation (WMI) is the infrastructure for management data and operations on Windows-based operating systems.

The target has WMI service installed and running.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
winmgmt = RUNNING
Expand Severity Title Port/Service
1
Windows Authentication Method
QID:
70028
Category:
SMB / NETBIOS
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
12/09/2008
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Windows authentication was performed. The Results section in your detailed results includes a list of authentication credentials used.

The service also attempts to authenticate using common credentials. You should verify that the credentials used for successful authentication were those that were provided in the Windows authentication record. User-provided credentials failed if the discovery method shows "Unable to log in using credentials provided by user, fallback to NULL session". If this is the case, verify that the credentials specified in the Windows authentication record are valid for this host.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
User Name                DOM qualys.scn
Domain                   AD
Authentication Scheme    Kerberos
Security                 User-based
SMBv1 Signing            Enabled
Discovery Method         Login credentials provided by user
Authentication Record    AD.UNC.EDU Credentials
CIFS Version             SMB v2.1
Expand Severity Title Port/Service
1
Windows Authentication Method for User-Provided Credentials
QID:
70053
Category:
SMB / NETBIOS
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
11/05/2009
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Windows authentication was performed and successful with user-provided credentials. The Results section in your detailed results includes a list of authentication credentials used.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
User Name                DOM qualys.scn
Domain                   AD
Authentication Scheme    Kerberos
Security                 User-based
SMBv1 Signing            Enabled
Authentication Record    AD.UNC.EDU Credentials
Expand Severity Title Port/Service
1
Open UDP Services List
QID:
82004
Category:
TCP/IP
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
07/11/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
A port scanner was used to draw a map of all the UDP services on this host that can be accessed from the Internet.

Note that if the host is behind a firewall, there is a small chance that the list includes a few ports that are filtered or blocked by the firewall but are not actually open on the target host. This (false positive on UDP open ports) may happen when the firewall is configured to reject UDP packets for most (but not all) ports with an ICMP Port Unreachable packet. This may also happen when the firewall is configured to allow UDP packets for most (but not all) ports through and filter/block/drop UDP packets for only a few ports. Both cases are uncommon.

IMPACT:
Unauthorized users can exploit this information to test vulnerabilities in each of the open services.
SOLUTION:
Shut down any unknown or unused service on the list. If you have difficulty working out which service is provided by which process or program, contact your provider's support team. For more information about commercial and open-source Intrusion Detection Systems available for detecting port scanners of this kind, visit the CERT Web site.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Port   IANA Assigned Ports/Services   Description            Service Detected
137    netbios-ns                     NETBIOS Name Service   netbios ns
Expand Severity Title Port/Service
1
Open TCP Services List
QID:
82023
Category:
TCP/IP
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
06/15/2009
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The port scanner enables unauthorized users with the appropriate tools to draw a map of all services on this host that can be accessed from the Internet. The test was carried out with a "stealth" port scanner so that the server does not log real connections.

The Results section displays the port number (Port), the default service listening on the port (IANA Assigned Ports/Services), the description of the service (Description) and the service that the scanner detected using service discovery (Service Detected).

IMPACT:
Unauthorized users can exploit this information to test vulnerabilities in each of the open services.
SOLUTION:
Shut down any unknown or unused service on the list. If you have difficulty figuring out which service is provided by which process or program, contact your provider's support team. For more information about commercial and open-source Intrusion Detection Systems available for detecting port scanners of this kind, visit the CERT Web site.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Port    IANA Assigned Ports/Services   Description                     Service Detected         OS On Redirected Port
135     msrpc-epmap                    epmap DCE endpoint resolution   DCERPC Endpoint Mapper
139     netbios-ssn                    NETBIOS Session Service         netbios ssn
445     microsoft-ds                   Microsoft-DS                    microsoft-ds
3071    unknown                        unknown                         unknown over ssl
4280    unknown                        unknown                         http
4282    unknown                        unknown                         unknown
4285    unknown                        unknown                         http over ssl
27599   unknown                        unknown                         unknown over ssl
49153   unknown                        unknown                         unknown
49154   unknown                        unknown                         unknown
Expand Severity Title Port/Service
1
ICMP Replies Received
QID:
82040
Category:
TCP/IP
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/16/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
ICMP (Internet Control and Error Message Protocol) is a protocol encapsulated in IP packets. ICMP's principal purpose is to provide a protocol layer that informs gateways of the inter-connectivity and accessibility of other gateways or hosts.

We have sent the following types of packets to trigger the host to send us ICMP replies:

Echo Request (to trigger Echo Reply)
Timestamp Request (to trigger Timestamp Reply)
Address Mask Request (to trigger Address Mask Reply)
UDP Packet (to trigger Port Unreachable Reply)
IP Packet with Protocol >= 250 (to trigger Protocol Unreachable Reply)

Listed in the "Result" section are the ICMP replies that we have received.

SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
ICMP Reply Type        Triggered By    Additional Information
Echo (type=0 code=0)   Echo Request    Echo Reply
Expand Severity Title Port/Service
1
NetBIOS Host Name
QID:
82044
Category:
TCP/IP
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/20/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The NetBIOS host name of this computer has been detected.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
CAS-ENTBKUP1
Expand Severity Title Port/Service
1
Degree of Randomness of TCP Initial Sequence Numbers
QID:
82045
Category:
TCP/IP
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
11/19/2004
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
TCP Initial Sequence Numbers (ISNs) obtained in the SYNACK replies from the host are analyzed to determine how random they are. The average change between subsequent ISNs and the standard deviation from the average are displayed in the RESULT section. Also included is the degree of difficulty for exploitation of the TCP ISN generation scheme used by the host.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Average change between subsequent TCP initial sequence numbers is 1097982366 with a standard deviation of 542963219. These TCP initial sequence numbers were triggered by TCP SYN probes sent to the host at an average rate of 1/(7041 microseconds). The degree of difficulty to exploit the TCP initial sequence number generation scheme is: hard.
Expand Severity Title Port/Service
1
IP ID Values Randomness
QID:
82046
Category:
TCP/IP
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
07/27/2006
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The values for the identification (ID) field in IP headers in IP packets from the host are analyzed to determine how random they are. The changes between subsequent ID values for either the network byte ordering or the host byte ordering, whichever is smaller, are displayed in the RESULT section along with the duration taken to send the probes. When incremental values are used, as is the case for TCP/IP implementation in many operating systems, these changes reflect the network load of the host at the time this test was conducted.

Please note that for reliability reasons only the network traffic from open TCP ports is analyzed.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
IP ID changes observed (network order) for port 135: 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
Duration: 33 milli seconds
Expand Severity Title Port/Service
1
NetBIOS Workgroup Name Detected
QID:
82062
Category:
TCP/IP
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
06/02/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The NetBIOS workgroup or domain name for this system has been detected.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
AD
Expand Severity Title Port/Service
1
Enabled Winlogon CD-ROM Allocation
QID:
90010
Category:
Windows
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
08/28/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The CD-ROM drives are allocated by winlogon.
IMPACT:
Unauthorized users may succeed in executing malicious programs by inserting a CD into the CD-ROM drive.
SOLUTION:
We recommend that CD-ROM allocations be restricted to users who are authenticated, and physically logged in. To set this restriction, locate the following registry key, and then set the REG_SZ 'AllocateCDRoms' entry to '1':

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon AllocateCDRoms = 0
Expand Severity Title Port/Service
1
Enabled Winlogon Floppy Disk Allocation
QID:
90011
Category:
Windows
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
08/28/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The floppy disk drives are allocated by winlogon.
IMPACT:
Unauthorized users may be able to execute a malicious program from a floppy disk inserted into the floppy disk drive.
SOLUTION:
We recommend that you restrict floppy disk allocation to users who are authenticated, and physically logged in. To set this restriction, locate the following registry key, and then set the REG_SZ 'AllocateFloppies' entry to '1':

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon AllocateFloppies = 0
Expand Severity Title Port/Service
1
Windows CDROM Autorun Enabled
QID:
90012
Category:
Windows
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
02/03/2011
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Autorun is activated on this host. Windows Autorun enables programs located on CDs to be automatically launched when a CD is inserted in the CD-ROM drive.

If Autorun is enabled, it exposes the machine to potential malware risk or even virus infection. Viruses and worms are mostly spread using the Windows AutoRun feature.

In the past, the Sony rootkit issue exploited machines that had Autorun enabled, secretly infecting them with digital rights management software after certain CDs were played. The Downadup/Conficker worm is known to have infected a lot of machines, and the use of the Autoplay functionality has been one of the major attack vectors and propagation methods for the worm to spread.

IMPACT:
If the machine can be accessed physically, then viruses or trojan attack programs can be installed with little difficulty.
SOLUTION:
We recommend that you remove the Autorun functionality. To do this, locate the following registry key, and then set the 'Autorun' entry to '0':

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CDRom

To selectively disable specific Autorun features, change the "NoDriveTypeAutoRun" entry in one of the following registry key subkeys:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\

The value of the NoDriveTypeAutoRun registry entry determines which drive or drives the Autorun functionality will be disabled for. Settings for the NoDriveTypeAutoRun registry entry are listed below:

0x1 = Disables AutoPlay on drives of unknown type
0x4 = Disables AutoPlay on removable drives
0x8 = Disables AutoPlay on fixed drives
0x10 = Disables AutoPlay on network drives
0x20 = Disables AutoPlay on CD-ROM drives
0x40 = Disables AutoPlay on RAM disks
0x80 = Disables AutoPlay on drives of unknown type
0xFF = Disables AutoPlay on all kinds of drives

You may also disable the service by setting the group policy object (GPO).
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun

Detailed steps on disabling the Autorun functionality for different Windows platforms through various methods are available at Microsoft Knowledge Base Articles KB967715 and KB953252.

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\System\CurrentControlSet\Services\CDRom AutoRun = 1
Expand Severity Title Port/Service
1
Disabled Clear Page File
QID:
90013
Category:
Windows
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
08/28/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Windows does not clear or recreate the page file on this system.
IMPACT:
This vulnerability could pose a threat to security and cause a drop in performance. Sensitive information, such as passwords or usernames, can be retrieved.
SOLUTION:
We recommend forcing Windows to clear the page file when the system shuts down. To do this, locate the following registry key, and then set the REG_SZ key 'ClearPageFileAtShutdown' to '1':

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\System\CurrentControlSet\Control\Session Manager\Memory Management ClearPageFileAtShutdown = 0
Expand Severity Title Port/Service
1
Possible Log Recording Issues
QID:
90014
Category:
Windows
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
08/28/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The Security Log might stop recording events when it is full.
IMPACT:
When the system's maximum log size is reached, security-related events will no longer be logged. No authorized or unauthorized activity will be recorded.
SOLUTION:
Administrators requiring total visibility of all access attempts may wish to enable the system crash on audit-fail. This will shut down the system until the administrator logs in and purges the event log. To activate this feature, locate the following registry key, and then set the 'CrashOnAuditFail' entry to '1':

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\System\CurrentControlSet\Control\Lsa CrashOnAuditFail = 0
Expand Severity Title Port/Service
1
Enabled Caching of Dial-up Password Feature
QID:
90015
Category:
Windows
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
08/28/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Windows has a feature that enables the dial-up password to be saved and then be automatically provided during connection attempts. This feature has been activated on this system.
IMPACT:
Windows saves these passwords using very weak encryption. Therefore, unauthorized local users may be able to retrieve passwords without much difficulty.

Since Windows automatically provides the saved dial-up password, unauthorized users with local access to this host can connect and dial the remote host without the password.

SOLUTION:
We recommend that you disable caching of the dial-up password. To do this, locate the following registry key, and then set the REG_DWORD 'DisableSavePassword' entry to '1':

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Rasman\Parameters

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\System\CurrentControlSet\Services\Rasman\Parameters DisableSavePassword is missing.
Expand Severity Title Port/Service
1
Windows Services List
QID:
90065
Category:
Windows
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
10/31/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The following Windows services were detected.
SOLUTION:
Stop unused services, and set them to "Disabled" in the Windows "Services" Control Panel.
COMPLIANCE:
Type: GLBA
Section: N/A
Description: Identify users who use network services and who require access to necessary service configurations and authentication parameters.

Type: SOX
Section: N/A
Description: Limiting System Services. Identify the following services and server function/usage:
- Identify critical services open on the server (i.e., FTP, Telnet, SSH, SMTP, DNS, Finger, HTTP, POP3, Portmapper, NNTP, Samba, IMAP2, SNMP, HTTPS, NNTPS, IMAPS, POP3S, and MySQL)
- Identify additional uses of the server that may cause vulnerabilities such as remote access methods for administration (i.e., PC Anywhere, radmin, VNC), NETBIOS, SQL Server databases, Terminal Services
- Identify users who use network services and who have access to the necessary service configuration and authentication parameters

EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Name | Status | Description
AeLookupSvc | | Application Experience
ALG | | Application Layer Gateway Service
AppIDSvc | | Application Identity
Appinfo | | Application Information
AppMgmt | | Application Management
aspnet_state | | ASP.NET State Service
AudioEndpointBuilder | | Windows Audio Endpoint Builder
AudioSrv | | Windows Audio
BFE | started | Base Filtering Engine
BITS | started | Background Intelligent Transfer Service
Browser | | Computer Browser
ccEvtMgr | started | Symantec Event Manager
ccSetMgr | started | Symantec Settings Manager
CertPropSvc | started | Certificate Propagation
clr_optimization_v2.0.50727_32 | | Microsoft .NET Framework NGEN v2.0.50727_X86
clr_optimization_v2.0.50727_64 | | Microsoft .NET Framework NGEN v2.0.50727_X64
clr_optimization_v4.0.30319_32 | | Microsoft .NET Framework NGEN v4.0.30319_X86
clr_optimization_v4.0.30319_64 | | Microsoft .NET Framework NGEN v4.0.30319_X64
COMSysApp | | COM+ System Application
CrashPlanPROServer | started | CrashPlan PRO Server
CryptSvc | started | Cryptographic Services
DcomLaunch | started | DCOM Server Process Launcher
defragsvc | | Disk Defragmenter
Dhcp | started | DHCP Client
Dnscache | started | DNS Client
dot3svc | | Wired AutoConfig
DPS | started | Diagnostic Policy Service
EapHost | | Extensible Authentication Protocol
EFS | | Encrypting File System (EFS)
eventlog | started | Windows Event Log
EventSystem | started | COM+ Event System
FCRegSvc | | Microsoft Fibre Channel Platform Registration Service
fdPHost | | Function Discovery Provider Host
FDResPub | | Function Discovery Resource Publication
FontCache | started | Windows Font Cache Service
gpsvc | started | Group Policy Client
hidserv | | Human Interface Device Access
hkmsvc | | Health Key and Certificate Management
IDriverT | | InstallDriver Table Manager
IKEEXT | started | IKE and AuthIP IPsec Keying Modules
IPBusEnum | | PnP-X IP Bus Enumerator
iphlpsvc | started | IP Helper
KeyIso | | CNG Key Isolation
KtmRm | | KtmRm for Distributed Transaction Coordinator
LanmanServer | started | Server
LanmanWorkstation | started | Workstation
LiveUpdate | | LiveUpdate
lltdsvc | | Link-Layer Topology Discovery Mapper
lmhosts | started | TCP/IP NetBIOS Helper
MegaMonitorSrv | started | MRMonitor
MMCSS | | Multimedia Class Scheduler
MpsSvc | started | Windows Firewall
MSDTC | started | Distributed Transaction Coordinator
MSiSCSI | | Microsoft iSCSI Initiator Service
msiserver | | Windows Installer
MSMFramework | started | MSMFramework
napagent | | Network Access Protection Agent
Netlogon | started | Netlogon
Netman | started | Network Connections
NetMsmqActivator | | Net.Msmq Listener Adapter
NetPipeActivator | | Net.Pipe Listener Adapter
netprofm | started | Network List Service
NetTcpActivator | | Net.Tcp Listener Adapter
NetTcpPortSharing | | Net.Tcp Port Sharing Service
NlaSvc | started | Network Location Awareness
nsi | started | Network Store Interface Service
PerfHost | | Performance Counter DLL Host
pla | | Performance Logs & Alerts
PlugPlay | started | Plug and Play
PolicyAgent | started | IPsec Policy Agent
Power | started | Power
ProfSvc | started | User Profile Service
ProtectedStorage | | Protected Storage
RasAuto | | Remote Access Auto Connection Manager
RasMan | started | Remote Access Connection Manager
RemoteAccess | | Routing and Remote Access
RemoteRegistry | started | Remote Registry
RpcEptMapper | started | RPC Endpoint Mapper
RpcLocator | | Remote Procedure Call (RPC) Locator
RpcSs | started | Remote Procedure Call (RPC)
RSoPProv | started | Resultant Set of Policy Provider
sacsvr | | Special Administration Console Helper
SamSs | started | Security Accounts Manager
SCardSvr | | Smart Card
Schedule | started | Task Scheduler
SCPolicySvc | | Smart Card Removal Policy
seclogon | | Secondary Logon
SENS | started | System Event Notification Service
SessionEnv | started | Remote Desktop Configuration
SharedAccess | | Internet Connection Sharing (ICS)
ShellHWDetection | | Shell Hardware Detection
SmcService | started | Symantec Management Client
SNAC | | Symantec Network Access Control
SNMPTRAP | | SNMP Trap
Splunkd | started | Splunkd
Splunkweb | started | Splunkweb
Spooler | started | Print Spooler
sppsvc | | Software Protection
sppuinotify | | SPP Notification Service
SSDPSRV | | SSDP Discovery
SstpSvc | started | Secure Socket Tunneling Protocol Service
swprv | | Microsoft Software Shadow Copy Provider
Symantec AntiVirus | started | Symantec Endpoint Protection
TapiSrv | started | Telephony
TBS | | TPM Base Services
TermService | started | Remote Desktop Services
THREADORDER | | Thread Ordering Server
TrkWks | started | Distributed Link Tracking Client
TrustedInstaller | | Windows Modules Installer
UI0Detect | | Interactive Services Detection
UmRdpService | started | Remote Desktop Services UserMode Port Redirector
upnphost | | UPnP Device Host
UxSms | started | Desktop Window Manager Session Manager
VaultSvc | | Credential Manager
vds | | Virtual Disk
VSS | | Volume Shadow Copy
W32Time | started | Windows Time
wbengine | | Block Level Backup Engine Service
WcsPlugInService | | Windows Color System
WdiServiceHost | | Diagnostic Service Host
WdiSystemHost | | Diagnostic System Host
Wecsvc | | Windows Event Collector
wercplsupport | | Problem Reports and Solutions Control Panel Support
WerSvc | | Windows Error Reporting Service
WinHttpAutoProxySvc | | WinHTTP Web Proxy Auto-Discovery Service
Winmgmt | started | Windows Management Instrumentation
WinRM | started | Windows Remote Management (WS-Management)
wmiApSrv | | WMI Performance Adapter
WPDBusEnum | | Portable Device Enumerator Service
wuauserv | started | Windows Update
wudfsvc | started | Windows Driver Foundation - User-mode Driver Framework

Severity:
1
Title:
Windows Drivers List
QID:
90066
Category:
Windows
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
10/31/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The following Windows drivers were detected.
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Name | Status | Description
1394ohci | | 1394 OHCI Compliant Host Controller
ACPI | started | Microsoft ACPI Driver
AcpiPmi | started | ACPI Power Meter Driver
adp94xx | | adp94xx
adpahci | | adpahci
adpu320 | | adpu320
AFD | started | Ancillary Function Driver for Winsock
agp440 | | Intel AGP Bus Filter
aliide | | aliide
amdide | | amdide
AmdK8 | | AMD K8 Processor Driver
AmdPPM | | AMD Processor Driver
amdsata | | amdsata
amdsbs | | amdsbs
amdxata | started | amdxata
AppID | | AppID Driver
arc | | arc
arcsas | | arcsas
AsyncMac | started | RAS Asynchronous Media Driver
atapi | | IDE Channel
b06bdrv | started | Broadcom NetXtreme II VBD
b57nd60a | | Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0
Beep | | Beep
blbdrive | started | blbdrive
Blfm | started | BASP Virtual Adapter
Blfp | | Broadcom Advanced Server Program Driver
bowser | started | Browser Support Driver
BrFiltLo | | Brother USB Mass-Storage Lower Filter Driver
BrFiltUp | | Brother USB Mass-Storage Upper Filter Driver
Brserid | | Brother MFC Serial Port Interface Driver (WDM)
BrSerWdm | | Brother WDM Serial driver
BrUsbMdm | | Brother MFC USB Fax Only Modem
BrUsbSer | | Brother MFC USB Serial WDM Driver
cdfs | | CD/DVD File System Reader
cdrom | | CD-ROM Driver
CLFS | started | Common Log (CLFS)
CmBatt | | Microsoft ACPI Control Method Battery Driver
cmdide | | cmdide
CNG | started | CNG
Compbatt | | Compbatt
CompositeBus | started | Composite Bus Enumerator Driver
crcdisk | | Crcdisk Filter Driver
dcdbas | started | System Management Driver
DfsC | started | DFS Namespace Client Driver
discache | started | System Attribute Cache
Disk | started | Disk Driver
DXGKrnl | | LDDM Graphics Subsystem
ebdrv | | Broadcom NetXtreme II 10 GigE VBD
eeCtrl | started | Symantec Eraser Control driver
elxstor | | elxstor
EraserUtilRebootDrv | started | EraserUtilRebootDrv
ErrDev | started | Microsoft Hardware Error Device Driver
exfat | | exFAT File System Driver
fastfat | started | FAT12/16/32 File System Driver
fdc | | Floppy Disk Controller Driver
FileInfo | | File Information FS MiniFilter
Filetrace | | Filetrace
flpydisk | | Floppy Disk Driver
FltMgr | started | FltMgr
FsDepends | | File System Dependency Minifilter
gagp30kx | | Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms
HDAudBus | | Microsoft UAA Bus Driver for High Definition Audio
HidBatt | | HID UPS Battery Driver
HidUsb | | Microsoft HID Class Driver
HpSAMD | | HpSAMD
HTTP | started | HTTP
hwpolicy | started | Hardware Policy Driver
i8042prt | | i8042 Keyboard and PS/2 Mouse Port Driver
iaStorV | | Intel RAID Controller Windows 7
iirsp | | iirsp
intelide | | intelide
intelppm | started | Intel Processor Driver
ioatdma | | Intel(R) QuickData Technology Device
IpFilterDriver | | IP Traffic Filter Driver
IPMIDRV | started | IPMIDRV
IPNAT | | IP Network Address Translator
isapnp | | isapnp
iScsiPrt | | iScsiPort Driver
kbdclass | started | Keyboard Class Driver
kbdhid | | Keyboard HID Driver
KSecDD | started | KSecDD
KSecPkg | started | KSecPkg
ksthunk | | Kernel Streaming Thunks
l2nd | started | Broadcom NetXtreme II BXND
lltdio | started | Link-Layer Topology Discovery Mapper I/O Driver
LSI_FC | | LSI_FC
LSI_SAS | | LSI_SAS
LSI_SAS2 | | LSI_SAS2
LSI_SCSI | | LSI_SCSI
luafv | started | UAC File Virtualization
megasas | started | megasas
megasas2 | started | megasas2
MegaSR | | MegaSR
Modem | | Modem
monitor | started | Microsoft Monitor Class Function Driver Service
mouclass | started | Mouse Class Driver
mouhid | | Mouse HID Driver
mountmgr | started | Mount Point Manager
mpio | | Microsoft Multi-Path Bus Driver
mpsdrv | started | Windows Firewall Authorization Driver
mrxsmb | started | SMB MiniRedirector Wrapper and Engine
mrxsmb10 | started | SMB 1.x MiniRedirector
mrxsmb20 | started | SMB 2.0 MiniRedirector
msahci | | msahci
msdsm | | Microsoft Multi-Path Device Specific Module
Msfs | started | Msfs
mshidkmdf | | Pass-through HID to KMDF Filter Driver
msisadrv | started | msisadrv
MsRPC | | MsRPC
mssmbios | started | Microsoft System Management BIOS Driver
MTConfig | | Microsoft Input Configuration Driver
Mup | started | Mup
NAVENG | started | NAVENG
NAVEX15 | started | NAVEX15
NDIS | started | NDIS System Driver
NdisCap | | NDIS Capture LightWeight Filter
NdisTapi | started | Remote Access NDIS TAPI Driver
Ndisuio | | NDIS Usermode I/O Protocol
NdisWan | started | Remote Access NDIS WAN Driver
NDProxy | started | NDIS Proxy
NetBIOS | started | NetBIOS Interface
NetBT | started | NetBT
nfrd960 | | nfrd960
Npfs | started | Npfs
nsiproxy | started | NSI proxy service driver.
Ntfs | started | Ntfs
Null | started | Null
nvraid | | nvraid
nvstor | | nvstor
nv_agp | | NVIDIA nForce AGP Bus Filter
ohci1394 | | 1394 OHCI Compliant Host Controller (Legacy)
Parport | | Parallel port driver
partmgr | started | Partition Manager
pci | started | PCI Bus Driver
pciide | | pciide
pcmcia | | pcmcia
pcw | started | Performance Counters for Windows Driver
PEAUTH | started | PEAUTH
percsas2 | started | percsas2
PptpMiniport | started | WAN Miniport (PPTP)
Processor | | Processor Driver
Psched | started | QoS Packet Scheduler
ql2300 | | ql2300
ql40xx | | ql40xx
RasAcd | | Remote Access Auto Connection Driver
RasAgileVpn | started | WAN Miniport (IKEv2)
Rasl2tp | started | WAN Miniport (L2TP)
RasPppoe | started | Remote Access PPPOE Driver
RasSstp | started | WAN Miniport (SSTP)
rdbss | started | Redirected Buffering Sub Sysytem
rdpbus | started | Remote Desktop Device Redirector Bus Driver
RDPCDD | started | RDPCDD
RDPDR | started | Terminal Server Device Redirector Driver
RDPENCDD | started | RDP Encoder Mirror Driver
RDPREFMP | started | Reflector Display Driver used to gain access to graphics data
RDPWD | started | RDP Winstation Driver
rspndr | started | Link-Layer Topology Discovery Responder
s3cap | | s3cap
sacdrv | | sacdrv
sbp2port | | SBP-2 Transport/Protocol Bus Driver
scfilter | | Smart card PnP Class Filter Driver
secdrv | started | Security Driver
Serenum | started | Serenum Filter Driver
Serial | started | Serial port driver
sermouse | | Serial Mouse Driver
sffdisk | | SFF Storage Class Driver
sffp_mmc | | SFF Storage Protocol Driver for MMC
sffp_sd | | SFF Storage Protocol Driver for SDBus
sfloppy | | High-Capacity Floppy Disk Drive
SiSRaid2 | | SiSRaid2
SiSRaid4 | | SiSRaid4
Smb | | Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session)
spldr | started | Security Processor Loader Driver
splunkdrv-win6 | started | splunkdrv-win6
SRTSP | started | SRTSP
SRTSPL | | SRTSPL
SRTSPX | started | SRTSPX
srv | started | Server SMB 1.xxx Driver
srv2 | started | Server SMB 2.xxx Driver
srvnet | started | srvnet
stexstor | | stexstor
storflt | started | Disk Virtual Machine Bus Acceleration Filter Driver
storvsc | | storvsc
storvsp | | storvsp
swenum | started | Software Bus Driver
SymEvent | started | SymEvent
Tcpip | started | TCP/IP Protocol Driver
TCPIP6 | | Microsoft IPv6 Protocol Driver
tcpipreg | started | TCP/IP Registry Compatibility
TDPIPE | | TDPIPE
TDTCP | started | TDTCP
tdx | started | NetIO Legacy TDI Support Driver
TermDD | started | Terminal Device Driver
tssecsrv | started | Remote Desktop Services Security Filter Driver
TsUsbFlt | | TsUsbFlt
tunnel | | Microsoft Tunnel Miniport Adapter Driver
uagp35 | | Microsoft AGPv3.5 Filter
udfs | | udfs
uliagpkx | | Uli AGP Bus Filter
umbus | started | UMBus Enumerator Driver
UmPass | | Microsoft UMPass Driver
usbccgp | | Microsoft USB Generic Parent Driver
usbehci | started | Microsoft USB 2.0 Enhanced Host Controller Miniport Driver
usbhub | started | Microsoft USB Standard Hub Driver
usbohci | | Microsoft USB Open Host Controller Miniport Driver
usbprint | | Microsoft USB PRINTER Class
USBSTOR | | USB Mass Storage Driver
usbuhci | started | Microsoft USB Universal Host Controller Miniport Driver
vdrvroot | started | Microsoft Virtual Drive Enumerator Driver
vga | started | vga
VgaSave | started | VgaSave
vhdmp | | vhdmp
viaide | | viaide
Vid | | Vid
vmbus | started | Virtual Machine Bus
VMBusHID | | VMBusHID
volmgr | started | Volume Manager Driver
volmgrx | started | Dynamic Volume Manager
volsnap | started | Storage volumes
vsmraid | | vsmraid
WacomPen | | Wacom Serial Pen HID Driver
WANARP | | Remote Access IP ARP Driver
Wanarpv6 | started | Remote Access IPv6 ARP Driver
Wd | | Wd
Wdf01000 | started | Kernel Mode Driver Frameworks service
WfpLwf | started | WFP Lightweight Filter
WIMMount | | WIMMount
WinUsb | | WinUSB Driver
WmiAcpi | | Microsoft Windows Management Interface for ACPI
ws2ifsl | | Winsock IFS Driver
WudfPf | started | User Mode Driver Frameworks Platform Driver
WUDFRd | | Windows Driver Foundation - User-mode Driver Framework Reflector

Severity:
1
Title:
Programs Launched At Startup Through The Registry
QID:
90074
Category:
Windows
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
06/25/2004
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Microsoft Windows launches a number of programs automatically at system startup. These programs are frequently used by legitimately installed software. It's possible for malware to be opened automatically as well.
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
bacstray = C:\Program Files\Broadcom\BACS\BacsTray.exe

Severity:
1
Title:
Windows Product Type
QID:
90107
Category:
Windows
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
09/13/2007
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The results below identify which type of Windows product is installed:
- If ProductType is "Winnt", the host is running Windows Workstation.
- If ProductType is "Servernt", the host is running Windows Server.
- If ProductType is "Lanmannt", the host is running Windows Advanced Server.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\Software\Microsoft\Windows NT\CurrentVersion
CurrentVersion=6.1
ProductName=Windows Server 2008 R2 Enterprise
HKLM\SYSTEM\currentControlSet\Control\ProductOptions
ProductSuite={"Enterprise", "Terminal Server"}
ProductType=ServerNT

Severity:
1
Title:
Windows Registry Key Access Denied
QID:
90195
Category:
Windows
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/24/2009
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Remote access to the following registry keys has been denied. Access to the Registry named pipe was successful, but remote access to the Registry keys in the Result section has been denied.
IMPACT:
Vulnerabilities that require registry key access may not have been detected during the scan. This QID can be used to debug authentication and permission issues with other QIDs. This QID is not a direct indication of problems or missing patches on the target system.
SOLUTION:
See the permissions assigned to the provided user authentication credentials. On Windows XP Professional use Classic for local network logins (default is Guest only, which prohibits Registry access). This may be set at Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\Properties\
HKLM\System\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties\
HKLM\System\CurrentControlSet\Control\Class\{4D36E96C-E325-11CE-BFC1-08002BE10318}\Properties\
HKLM\System\CurrentControlSet\Control\Class\{4D36E978-E325-11CE-BFC1-08002BE10318}\Properties\
HKLM\System\CurrentControlSet\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties\
HKLM\System\CurrentControlSet\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\Properties\
HKLM\System\CurrentControlSet\Control\Class\{4D36E96F-E325-11CE-BFC1-08002BE10318}\Properties\
HKLM\System\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\Properties\

Severity:
1
Title:
Windows Internet Explorer Version
QID:
90295
Category:
Windows
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/27/2013
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The Windows Internet Explorer version is shown.
IMPACT:
n/a
SOLUTION:
n/a
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\SOFTWARE\Microsoft\Internet Explorer
Version = 9.10.9200.16521

Severity:
1
Title:
Access to File Share is Enabled
QID:
90331
Category:
Windows
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
07/18/2006
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The purpose of this QID is to indicate that access to the file share on the target host has been enabled. While the overwhelming majority of checks for Microsoft Windows and other Microsoft products rely simply on registry access via the winreg named pipe, checks for several third party products rely on file version checks which require file share access. This QID is posted if ntoskrnl.exe, which is found on all Windows systems, is detected on the target host.
IMPACT:
n/a
SOLUTION:
n/a
COMPLIANCE:
Type: CobIT
Section: DS5.4
Description: User Account Management. Ensure that requesting, establishing, issuing, suspending, modifying and closing user accounts and related user privileges are addressed by user account management. An approval procedure outlining the data or system owner granting the access privileges should be included. These procedures should apply for all users, including administrators (privileged users), internal and external users, for normal and emergency cases. Rights and obligations relative to access to enterprise systems and information are contractually arranged for all types of users. Perform regular management review of all accounts and related privileges.

Type: SOX
Section: N/A
Description: User Access Management: Granting resource access, user ID and password requirements, individual accountability, limited utilization of native administrative IDs, non-employee user ID expiration, reporting employee and contractor status changes. Operating System Access Control: Password enforcement, logon information, password display and printing, required password changes, vendor default passwords, security changes after system compromise, systems software utility usage, automatic log off. Password Management: Procedures exist that ensure the confidentiality and protection of passwords through secure password creation and distribution mechanisms, the enforcement and adherence to acceptable password standards, and the regular changing of passwords.

EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
%SystemRoot%\system32\ntoskrnl.exe found

Severity:
1
Title:
BITS running on target
QID:
90346
Category:
Windows
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
08/22/2006
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The background intelligent transfer service was found running on the target. BITS transfers files in the background using idle network bandwidth.
IMPACT:
If the service is stopped, features such as Windows Update and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail-safe mechanism to transfer files directly through IE in case BITS has been disabled.
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
BITS = RUNNING

Severity:
1
Title:
Windows File Access Denied
QID:
90399
Category:
Windows
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
08/02/2007
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Remote access to the following files has been denied. Access to the share was successful, but remote access to the files in the Result section has been denied.
IMPACT:
Vulnerabilities that require file access may not have been detected during the scan.
SOLUTION:
See the permissions assigned to the provided user authentication credentials, and ensure that the credentials provide read access to the boot share. On Windows XP Professional use Classic for local network logins (default is Guest only, which prohibits file access). Using the Group Policy editor, this may be set at Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
File path | Error code
C:\Documents And Settings | C0000022
C:\Users\Default User | C0000022
C:\Users\All Users | 8000002D

Severity:
1
Title:
Enumerate Windows shares and shared directories readable by Everyone
QID:
90797
Category:
Windows
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/31/2012
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Refer to the RESULTS section for a list of Windows shares and shared directories that are readable by Everyone.

Columns in RESULTS section: The Share column shows the share name. The Path column shows the path to the share. The Share Account column shows the localized human-readable name of the security principal that corresponds to the share SID value. The Share SID column shows the security identifier value that can access the network share (the Everyone SID is S-1-1-0). The Path Account column shows the localized human-readable name of the security principal that corresponds to the path SID value. The Path SID column shows the security identifier value that can access the shared directory (the Everyone SID is S-1-1-0).

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Share | Path | Share Account | Share SID | Path Account | Path SID | Comments
Citrix PVS Vdisks | D:\Citrix PVS Vdisks | Everyone | S-1-1-0 | Everyone | S-1-1-0 |

Severity:
1
Title:
Enumerate Windows shares and shared directories readable by Everyone, Authenticated Users or Domain Users
QID:
90831
Category:
Windows
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
09/10/2012
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Refer to the RESULTS section for a list of Windows shares and shared directories that are readable by Everyone, Authenticated Users, or Domain Users.

Columns in RESULTS section: The Share column shows the share name. The Path column shows the path to the share. The Share Account column shows the localized human-readable name of the security principal that corresponds to the share SID value. The Share SID column shows the security identifier value that can access the network share (the Everyone SID is S-1-1-0, the Authenticated Users SID is S-1-5-11, the Domain Users SID is S-1-5-domain-513). The Path Account column shows the localized human-readable name of the security principal that corresponds to the path SID value. The Path SID column shows the security identifier value that can access the shared directory (the Everyone SID is S-1-1-0, the Authenticated Users SID is S-1-5-11, the Domain Users SID is S-1-5-domain-513). All combinations of access to the share and the shared directory by Everyone, Authenticated Users, or Domain Users principals are reported in separate rows. This includes Domain Users from multiple domains.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Share | Path | Share Account | Share SID | Path Account | Path SID | Comments
Citrix PVS Vdisks | D:\Citrix PVS Vdisks | Everyone | S-1-1-0 | Everyone | S-1-1-0 |

Severity:
1
Title:
Windows Automatic Update Information
QID:
105008
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
02/01/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The Windows Automatic Updates feature is installed. The configuration is enumerated.

If "AUOptions" = 2, the option used is: "Notify me before downloading any updates and notify me again before installing them on the computer".

If "AUOptions" = 3, the option used is: "Download the updates automatically and notify me when they are ready to be installed".

If "AUOptions" = 4, the option used is: "Automatically Download the updates, and install them on the schedule that I specify".

"ScheduledInstallTime" is the hour (in hexadecimal) to install the updates. If "ScheduledInstallDay" is not present, Windows will try the automatic install process every day. If "ScheduledInstallDay" is defined, Windows will try the automatic install process on the day of the week specified. For example, "ScheduledInstallDay" = 1 means that the update occurs every Sunday.

It also enumerates the update server information if configured.

IMPACT:
N/A
SOLUTION:
You may configure the system to enable Windows Automatic Updates.

This feature is configurable through either Control Panel or through Group Policy Administrative Template available under Computer Configuration -> Administrative Templates -> Windows Components -> Windows Update.

On Windows 2000, click Settings on the Start menu, select Control Panel, and then open Automatic Updates.

On Windows XP, click Settings on the Start menu, select Control Panel, select System, and then open Automatic Updates.

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update AUOptions = 3
HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update
NextSqmReportTime = 2013-03-23 20:20:28
FeaturedUpdatesNotificationSeqNum = 814
FeaturedUpdatesNotificationSeqNumGenTime = 2013-02-20 01:52:48
AUOptions = 3
ScheduledInstallDay = 0
ScheduledInstallTime = 3
IncludeRecommendedUpdates = 1
ElevateNonAdmins = 1
NextDetectionTime = 2013-03-23 20:25:59
NextFeaturedUpdatesNotificationTime = 2010-11-22 22:04:31
BalloonTime = 2013-03-21 00:27:57
BalloonType = 8

Severity:
1
Title:
Windows Registry Access Level
QID:
105025
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/09/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The scanner can access these registry keys, which are important for performing patch verification.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg\AllowedPaths
Machine = System\CurrentControlSet\Control\Print\Printers,System\CurrentControlSet\Services\Eventlog,Software\Microsoft\OLAP Server,Software\Microsoft\Windows NT\CurrentVersion\Print,Software\Microsoft\Windows NT\CurrentVersion\Windows,System\CurrentControlSet\Control\ContentIndex,System\CurrentControlSet\Control\Terminal Server,System\CurrentControlSet\Control\Terminal Server\UserConfig,System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration,Software\Microsoft\Windows NT\CurrentVersion\Perflib,System\CurrentControlSet\Services\SysmonLog

Severity:
1
Title:
Microsoft Windows System Hardware Enumeration, CPU
QID:
105054
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
10/27/2004
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The Windows system CPU information for this host is enumerated.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Identifier=Intel64 Family 6 Model 26 Stepping 5
ProcessorNameString=Intel(R) Xeon(R) CPU X5570 @ 2.93GHz
VendorIdentifier=GenuineIntel
~MHz=2933

Severity:
1
Title:
Microsoft Windows System Hardware Enumeration, Networking Components
QID:
105059
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
09/23/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The network components are enumerated and information presented in three subcategories: Adapter, Protocol, and WinSock. These subcategories display information about the network adapters, protocols, and WinSock settings on the host system. Support engineers and network administrators can use this information to verify network configurations.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\SYSTEM\CurrentControlSet\Enum\b06bdrv\L2ND&PCI_163B14E4&SUBSYS_02F11028&REV_20\5&15451eae&0&20050100\Control{4d36e972-e325-11ce-bfc1-08002be10318}\0007
Dev:@oem5.inf, %bcm5716c_desc%;Broadcom BCM5716C NetXtreme II GigE (NDIS VBD Client)
Manufacturer:@oem5.inf, %brcm%;Broadcom Corporation
Service:l2nd
Driver Instance:{4d36e972-e325-11ce-bfc1-08002be10318}\0007
Driver Description:Broadcom BCM5716C NetXtreme II GigE (NDIS VBD Client)
Driver_Date:12-17-2009
Driver_Version:5.2.14.0
HKLM\SYSTEM\CurrentControlSet\Enum\b06bdrv\L2ND&PCI_163B14E4&SUBSYS_02F11028&REV_20\5&22f303b&0&20050100\Control{4d36e972-e325-11ce-bfc1-08002be10318}\0010
Dev:@oem5.inf, %bcm5716c_desc%;Broadcom BCM5716C NetXtreme II GigE (NDIS VBD Client)
Manufacturer:@oem5.inf, %brcm%;Broadcom Corporation
Service:l2nd
Driver Instance:{4d36e972-e325-11ce-bfc1-08002be10318}\0010
Driver Description:Broadcom BCM5716C NetXtreme II GigE (NDIS VBD Client)
Driver_Date:12-17-2009
Driver_Version:5.2.14.0
HKLM\SYSTEM\CurrentControlSet\Enum\sw\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\Control{4d36e972-e325-11ce-bfc1-08002be10318}\0011
Dev:@netrasa.inf, %mp-asyncmac-dispname%;RAS Async Adapter
Manufacturer:@netrasa.inf, %msft%;Microsoft
Service:AsyncMac
Driver Instance:{4d36e972-e325-11ce-bfc1-08002be10318}\0011
Driver Description:RAS Async Adapter
Driver_Date:6-21-2006
Driver_Version:6.1.7600.16385
HKLM\SYSTEM\CurrentControlSet\Enum\b06bdrv\L2ND&PCI_163914E4&SUBSYS_090714E4&REV_20\5&260f44f1&0&20050500\Control{4d36e972-e325-11ce-bfc1-08002be10318}\0013
Dev:@oem5.inf, %bcm5709c_desc%;Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client)
Manufacturer:@oem5.inf, %brcm%;Broadcom Corporation
Service:l2nd
Driver Instance:{4d36e972-e325-11ce-bfc1-08002be10318}\0013
Driver Description:Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client)
Driver_Date:12-17-2009
Driver_Version:5.2.14.0
HKLM\SYSTEM\CurrentControlSet\Enum\b06bdrv\L2ND&PCI_163914E4&SUBSYS_090714E4&REV_20\5&13e1a90e&0&20050500\Control{4d36e972-e325-11ce-bfc1-08002be10318}\0015
Dev:@oem5.inf, %bcm5709c_desc%;Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client)
Manufacturer:@oem5.inf, %brcm%;Broadcom Corporation
Service:l2nd
Driver Instance:{4d36e972-e325-11ce-bfc1-08002be10318}\0015
Driver Description:Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client)
Driver_Date:12-17-2009
Driver_Version:5.2.14.0
Severity Title Port/Service
1
Microsoft Windows System Hardware Enumeration: Serial, Parallel and USB Device Drivers
QID:
105060
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
10/08/2007
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Information about universal serial bus (USB) device drivers and controllers on this computer is enumerated. The Device column lists each installed USB device driver, and the PNP Device ID column lists the ID for the device.

For serial ports and parallel ports, this information is provided: name, status, I/O port (the communication channel among hardware devices installed on the computer), IRQ channel, and driver.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\SYSTEM\CurrentControlSet\Enum\ACPI\PNP0501\1\Control{4d36e978-e325-11ce-bfc1-08002be10318}\0000
Dev:@msports.inf, %*pnp0501.devicedesc%;Communications Port
Manufacturer:@msports.inf, %std%;(Standard port types)
Service:Serial
Driver Instance:{4d36e978-e325-11ce-bfc1-08002be10318}\0000
Driver Description:Communications Port
Driver_Date:6-21-2006
Driver_Version:6.1.7600.16385
HKLM\SYSTEM\CurrentControlSet\Enum\ACPI\PNP0501\2\Control{4d36e978-e325-11ce-bfc1-08002be10318}\0001
Dev:@msports.inf, %*pnp0501.devicedesc%;Communications Port
Manufacturer:@msports.inf, %std%;(Standard port types)
Service:Serial
Driver Instance:{4d36e978-e325-11ce-bfc1-08002be10318}\0001
Driver Description:Communications Port
Driver_Date:6-21-2006
Driver_Version:6.1.7600.16385
Severity Title Port/Service
1
Microsoft Windows Audit Settings Enumerated From LSA
QID:
105063
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
08/09/2006
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The account audit configuration is enumerated. The audit settings are:
Audit System Events
Audit Logon Events
Audit Object Access
Audit Privilege Use
Audit Process Tracking
Audit Policy Change
Audit Account Management
Audit Directory Service Access
Audit Account Logon

You should specify an administrator privileged user in the "Windows Authentication Record" preferences of QualysGuard for this detection to be successful.

IMPACT:
N/A
SOLUTION:
It is advised to log at least the logon events as a best practice.

Use the MMC snap-in "Administrative Tools" - "Local Security Policy" to change the settings. These options are listed under "Local Policy" - "Audit Policy".

COMPLIANCE:
Type: CobIT
Section: N/A
Description: The IT Management Official (or Technology Architecture Manager) ensures audit trail/system upgrade histories are stored in a secure location with update/delete access granted on a strict business need only basis to technology support personnel.

Type: HIPAA
Section: 164.308(a)(5)(ii)(C)
Description: Log-In Monitoring Procedures for monitoring log-in attempts and reporting discrepancies.

Type: SOX
Section: N/A
Description: Event capture/violation logging is enabled at the operating system to record the following: - All significant security relevant events including, but not limited to, invalid password guessing attempts, failed attempts to use privileges or resources that are not authorized - All user ID creation, deletion, and privilege change activity performed by system administrators and others with privileged user IDs

EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Audit system events | No Auditing
Audit logon events | No Auditing
Audit object access | No Auditing
Audit privilege use | No Auditing
Audit process tracking | No Auditing
Audit policy change | No Auditing
Audit account management | No Auditing
Audit directory service access | No Auditing
Audit account logon events | No Auditing
Severity Title Port/Service
1
File Access Permissions for Regedt32.exe
QID:
105141
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/28/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The Registry Editors allow administrators and applications to tweak the system. Malicious users with unauthorized access could compromise the system or gather sensitive information about it from the registry. Access to registry editors should be limited to authorized administrative users only. The permissions for the target's regedt32.exe registry editor binaries are listed in the Results section below.
IMPACT:
N/A
SOLUTION:
Verify that only legitimate, authorized administrative users have access to the registry editors.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
%windir%\system32\regedt32.exe Administrators 544 access_allowed standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
%windir%\system32\regedt32.exe SYSTEM 18 access_allowed standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
%windir%\system32\regedt32.exe Users 545 access_allowed standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
Severity Title Port/Service
1
File Access Permissions for Regedit.exe
QID:
105154
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/25/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The Registry Editors allow administrators and applications to tweak the system. Malicious users with unauthorized access could compromise the system or gather sensitive information about it from the registry. Access to registry editors should be limited to only the authorized administrative users. The permissions for the host's registry editor binary "regedit.exe" are listed in the Result section below.
IMPACT:
N/A
SOLUTION:
Verify that only legitimate, authorized administrative users have access to the registry editors.
COMPLIANCE:
Type: CobIT
Section: DS5.4
Description: User Account Management Ensure that requesting, establishing, issuing, suspending, modifying and closing user accounts and related user privileges are addressed by user account management. An approval procedure outlining the data or system owner granting the access privileges should be included. These procedures should apply for all users, including administrators (privileged users), internal and external users, for normal and emergency cases. Rights and obligations relative to access to enterprise systems and information are contractually arranged for all types of users. Perform regular management review of all accounts and related privileges.

EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
%windir%\regedit.exe Administrators 544 access_allowed standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
%windir%\regedit.exe SYSTEM 18 access_allowed standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
%windir%\regedit.exe Users 545 access_allowed standard_write_owner standard_delete write_attributes generic_all write_data delete_child read_data standard_write_dac standard_read read_attributes execute generic_execute generic_read write_extended_attributes read_extended_attributes append_data synchronize generic_write
Severity Title Port/Service
1
Microsoft Windows System EventLog Policy Parameters
QID:
105165
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
04/18/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
This reports the EventLog parameters for the System database that are of interest to compliance audits. These configurations exist under this registry subkey:

HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\System

RestrictGuestAccess - Setting this to 1 prevents guests and anonymous user accounts from having read access to the System EventLog.

MaxSize - This value specifies the maximum size limit for the System EventLog database.

Retention - This value specifies the overwrite behavior for the System EventLog. 0 means overwrite as needed. 0xffffffff means do not overwrite events, and other values specify the number of days that eventlog entries are preserved before overwriting.

IMPACT:
N/A
SOLUTION:
Configure the System EventLog by changing the registry values to appropriate values, or use the EventViewer GUI to change the parameters.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\SYSTEM\CurrentControlSet\Services\EventLog\System
MaxSize=33554432
Retention=0
RestrictGuestAccess=1
Severity Title Port/Service
1
Microsoft Windows Application EventLog Policy Parameters
QID:
105166
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
04/18/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
This reports the EventLog parameters for the System database that are of interest to compliance audits. These configurations exist under this registry subkey:

HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application

RestrictGuestAccess - Setting this to 1 prevents guests and anonymous user accounts from having read access to the Application EventLog database.

MaxSize - This value specifies the maximum size limit for the Application EventLog database.

Retention - This value specifies the overwrite behavior for the Application EventLog. 0 means overwrite as needed. 0xffffffff means do not overwrite events, and other values specify the number of days of eventlog entries that are preserved before overwriting.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Type: CobIT
Section: DS5.4
Description: User Account Management Ensure that requesting, establishing, issuing, suspending, modifying and closing user accounts and related user privileges are addressed by user account management. An approval procedure outlining the data or system owner granting the access privileges should be included. These procedures should apply for all users, including administrators (privileged users), internal and external users, for normal and emergency cases. Rights and obligations relative to access to enterprise systems and information are contractually arranged for all types of users. Perform regular management review of all accounts and related privileges.

EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
MaxSize=33554432
Retention=0
RestrictGuestAccess=1
Severity Title Port/Service
1
Microsoft Windows Security EventLog Policy Parameters
QID:
105167
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
04/07/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
This reports the EventLog parameters for the Security database that are of interest to compliance audits. These configurations exist under this registry subkey:
HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security

RestrictGuestAccess - Setting this to 1 prevents guests and anonymous user accounts from having read access to the Security EventLog.

MaxSize - This value specifies the maximum size limit for the Security EventLog database.

Retention - This value specifies the overwrite behavior for the Security EventLog. 0 means overwrite as needed. 0xffffffff means do not overwrite events, and other values specify the number of days of eventlog entries that are preserved before overwriting.

IMPACT:
N/A
SOLUTION:
Configure the Security Eventlog by changing the registry values to appropriate values or use the EventViewer GUI to change the parameters.
COMPLIANCE:
Type: CobIT
Section: DS5.4
Description: User Account Management Ensure that requesting, establishing, issuing, suspending, modifying and closing user accounts and related user privileges are addressed by user account management. An approval procedure outlining the data or system owner granting the access privileges should be included. These procedures should apply for all users, including administrators (privileged users), internal and external users, for normal and emergency cases. Rights and obligations relative to access to enterprise systems and information are contractually arranged for all types of users. Perform regular management review of all accounts and related privileges.

EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Security
MaxSize=268435456
Retention=0
RestrictGuestAccess=1
Severity Title Port/Service
1
Message For Users Attempting To Logon To Windows System
QID:
105179
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
04/20/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Windows has a log-on notice setting that allows administrators to display a legal notice prior to users logging in. This check tests to see if the legal log-on notice is set at the target and enumerates the current value.
IMPACT:
This notice is used to ensure that sensitive systems are only accessed by authorized personnel.
SOLUTION:
The legal text can be added through the local security policy GUI or through the following registry values under the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

LegalNoticeCaption (REG_SZ) and LegalNoticeText (REG_SZ)

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon
LegalNoticeCaption =
LegalNoticeText =
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System
legalnoticecaption = UNAUTHORIZED ACCESS TO THIS SYSTEM IS PROHIBITED
legalnoticetext = The University of North Carolina at Chapel Hill
Unauthorized access to this system is prohibited!
This is a University system intended for University purposes only. The University reserves the right to monitor the use of this system as required to ensure its stability, availability, and security.
Please report any problems to help@unc.edu, or 962-HELP, or go to http://help.unc.edu and click on the request help button to submit a help request.
Severity Title Port/Service
1
Group Policy Objects Processed By SecCli are Enumerated from History Log
QID:
105238
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
09/26/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The group policy objects that are processed by the policy SecCli extension agent are enumerated. SecCli processes the security policy options set using the group policy editor MMC console.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
GPO Installed by Policy Agent - HKLM\Software\Microsoft\Windows\CurrentVersion\Group Policy\History\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}
Entry: 0
DisplayName: Domain_Domain Policy-Common
DSPath: LDAP://CN=Machine,cn={A7A40BA4-38F7-4C01-B2B6-9EA2033A2297},cn=policies,cn=system,DC=ad,DC=unc,DC=edu
GPOName: {A7A40BA4-38F7-4C01-B2B6-9EA2033A2297}
Link: LDAP://DC=ad,DC=unc,DC=edu
Entry: 1
DisplayName: Domain_Domain Policy-7/2008 R2
DSPath: LDAP://CN=Machine,cn={06A0D02D-F78E-49A0-914A-708F1B122CCF},cn=policies,cn=system,DC=ad,DC=unc,DC=edu
GPOName: {06A0D02D-F78E-49A0-914A-708F1B122CCF}
Link: LDAP://DC=ad,DC=unc,DC=edu
Entry: 10
DisplayName: CAS_CrashPlanPro
DSPath: LDAP://CN=Machine,cn={9944B681-EB57-4F09-AC36-B0A7BC85ED70},cn=policies,cn=system,DC=ad,DC=unc,DC=edu
GPOName: {9944B681-EB57-4F09-AC36-B0A7BC85ED70}
Link: LDAP://OU=Backup,OU=Production,OU=Servers,OU=CAS,OU=UNC,DC=ad,DC=unc,DC=edu
Entry: 2
DisplayName: Domain_WSUS Policy
DSPath: LDAP://CN=Machine,cn={DF283970-2C6B-4A1E-B160-07265FEB083A},cn=policies,cn=system,DC=ad,DC=unc,DC=edu
GPOName: {DF283970-2C6B-4A1E-B160-07265FEB083A}
Link: LDAP://DC=ad,DC=unc,DC=edu
Entry: 3
DisplayName: Domain_Qualys Authenticated Security Scan Policy
DSPath: LDAP://CN=Machine,cn={C5944470-A5BD-49E5-BF78-ED95851C657A},cn=policies,cn=system,DC=ad,DC=unc,DC=edu
GPOName: {C5944470-A5BD-49E5-BF78-ED95851C657A}
Link: LDAP://DC=ad,DC=unc,DC=edu
Entry: 4
DisplayName: Domain_Computer Client Certificate Enrollment Policy
DSPath: LDAP://CN=Machine,cn={B7FCF05F-36E4-4BD7-B505-968BDC047977},cn=policies,cn=system,DC=ad,DC=unc,DC=edu
GPOName: {B7FCF05F-36E4-4BD7-B505-968BDC047977}
Link: LDAP://OU=UNC,DC=ad,DC=unc,DC=edu
Entry: 5
DisplayName: UNC_Disable Skype Super Nodes
DSPath: LDAP://CN=Machine,cn={29B24245-69A6-4166-B230-20261CBFDC89},cn=policies,cn=system,DC=ad,DC=unc,DC=edu
GPOName: {29B24245-69A6-4166-B230-20261CBFDC89}
Link: LDAP://OU=UNC,DC=ad,DC=unc,DC=edu
Entry: 6
DisplayName: UNC_Security Zones Exceptions Policy
DSPath: LDAP://CN=Machine,cn={078B9578-D057-400B-A3EC-63EA37635809},cn=policies,cn=system,DC=ad,DC=unc,DC=edu
GPOName: {078B9578-D057-400B-A3EC-63EA37635809}
Link: LDAP://OU=UNC,DC=ad,DC=unc,DC=edu
Entry: 7
DisplayName: UNC_Software Restrictions Policy-A
DSPath: LDAP://CN=Machine,cn={9CB697C1-C5EC-460B-A466-09F6CEED5D23},cn=policies,cn=system,DC=ad,DC=unc,DC=edu
GPOName: {9CB697C1-C5EC-460B-A466-09F6CEED5D23}
Link: LDAP://OU=UNC,DC=ad,DC=unc,DC=edu
Entry: 8
DisplayName: CAS_OU Policy
DSPath: LDAP://CN=Machine,cn={BF062134-F22E-43F9-95A4-610AAFA1FCC6},cn=policies,cn=system,DC=ad,DC=unc,DC=edu
GPOName: {BF062134-F22E-43F9-95A4-610AAFA1FCC6}
Link: LDAP://OU=CAS,OU=UNC,DC=ad,DC=unc,DC=edu
Entry: 9
DisplayName: CAS_Servers Policy
DSPath: LDAP://CN=Machine,cn={051E359E-0420-4C74-B86D-725770EF2698},cn=policies,cn=system,DC=ad,DC=unc,DC=edu
GPOName: {051E359E-0420-4C74-B86D-725770EF2698}
Link: LDAP://OU=Servers,OU=CAS,OU=UNC,DC=ad,DC=unc,DC=edu
Severity Title Port/Service
1
Windows Builtin User Group Membership Audit - Backup Operators
QID:
105239
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
11/11/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The members of the Backup Operators Group are enumerated. It is essential to make sure unauthorized users are not part of this builtin group.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Backup Operators No members in this group
Severity Title Port/Service
1
Windows Builtin User Group Membership Audit - Replicator
QID:
105240
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
11/11/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
User accounts that are members of the Replicator Group are enumerated from the target host.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Replicator No members in this group
Severity Title Port/Service
1
Windows Builtin User Group Membership Audit - Network Configuration Operators
QID:
105241
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
11/11/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The user accounts that are members of the Network Configuration Operators group are enumerated.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Network Configuration Operators No members in this group
Severity Title Port/Service
1
IPSEC Policy Agent Service Status Detected
QID:
105256
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
11/28/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The status of IPSEC Policy Agent Service at the target Windows machine is enumerated.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
PolicyAgent = RUNNING
Severity Title Port/Service
1
Internet Explorer Search Companion Setting
QID:
105291
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
02/14/2006
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Search Companion settings for users are enumerated from the target Microsoft Windows machine. Search Companion is a feature integrated into Internet Explorer that allows Internet searches for files using a web service hosted by Microsoft.
IMPACT:
N/A
SOLUTION:
Search Companion can be disabled using the Internet Explorer GUI.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
KEY: Software\Microsoft\Internet Explorer\Main | Use Search Asst
Local_System | Last Change:value_missing_Q
Local_Service | Last Change:value_missing_Q
Network_Service | Last Change:value_missing_Q
S-1-5-21-211078830-3296991091-4275501491-1000 | Last Change:value_missing_Q
S-1-5-21-211078830-3296991091-4275501491-1001 | Last Change:value_missing_Q
Domain_Administrator | Last Change:value_missing_Q
AD\thensley.adm | Last Change:value_missing_Q
S-1-5-21-344340502-4252695000-2390403120-1277589 | Last Change:value_missing_Q
AD\hmeriwet.adm | Last Change:value_missing_Q
AD\semone.adm | Last Change:value_missing_Q
AD\noel.adm | Last Change:value_missing_Q
AD\haro.adm | Last Change:value_missing_Q
AD\jamesfox.adm | Last Change:value_missing_Q
AD\dewilde.adm | Last Change:value_missing_Q
AD\brinegar.adm | Last Change:value_missing_Q
AD\zfisher.adm | Last Change:value_missing_Q
AD\tcandrew.adm | Last Change:value_missing_Q
AD\dadesky.adm | Last Change:value_missing_Q
Severity Title Port/Service
1
Microsoft Silverlight Version
QID:
115635
Category:
Local
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
10/02/2007
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Microsoft Silverlight is a cross-browser, cross-platform plug-in for delivering media experiences and rich interactive applications for the Web. The Microsoft Silverlight version is shown.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\SOFTWARE\Microsoft\Silverlight
Version = 5.1.20125.0
Severity Title Port/Service
1
Windows Forensics MRU Enumeration - Regedit.exe
QID:
125017
Category:
Forensics
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/22/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
This test enumerates the key last edited with the regedit.exe utility.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Key:Software\Microsoft\Windows\CurrentVersion\Applets\Regedit | Value:Lastkey
User:AD\semone.adm | VAL:Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0015
Key:Software\Microsoft\Windows\CurrentVersion\Applets\Regedit | Value:Lastkey
User:AD\brinegar.adm | VAL:Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server
Severity Title Port/Service
1
Windows Forensics MRU Enumeration - WordPad Files
QID:
125018
Category:
Forensics
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
08/02/2006
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The most recently used WordPad files are enumerated.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Key:Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List | Value:File1
User:AD\semone.adm | VAL:C:\Users\semone.adm\Desktop\proserver.properties
Key:Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List | Value:File1
User:AD\jamesfox.adm | VAL:D:\BackupServer\ocs-managed\asdc2.asntdomain1.cas.unc.edu\readmet.rtf
Severity Title Port/Service
1
Default Web Page port 4280/tcp
QID:
12230
Category:
CGI
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
06/19/2006
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The Result section displays the default Web page for the Web server.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Last-Modified: Sat, 23 Mar 2013 19:09:46 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 315
Server: Jetty(7.6.3.v20120416)

<!DOCTYPE html>
<html>
<head>
<title></title>
<link rel="icon" type="image/png" href="/consolefavicon.png" />
<meta id="redirect" http-equiv="refresh" content="0;url=/console/"/>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
</head>
<body style="display:none;">
</body>
</html>
Severity Title Port/Service
1
Web Server Supports HTTP Request Pipelining port 4280/tcp
QID:
86565
Category:
Web server
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
02/22/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Version 1.1 of the HTTP protocol supports URL-Request Pipelining. This means that instead of using the "Keep-Alive" method to keep the TCP connection alive over multiple requests, the protocol allows multiple HTTP URL requests to be made in the same TCP packet. Any Web server which is HTTP 1.1 compliant should then process all the URLs requested in the single TCP packet and respond as usual.

The target Web server was found to support this functionality of the HTTP 1.1 protocol.

IMPACT:
Support for URL-Request Pipelining has interesting consequences. For example, as explained in this paper by Daniel Roelker, it can be used for evading detection by Intrusion Detection Systems. Also, it can be used in HTTP Response-Splitting style attacks.
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
GET / HTTP/1.1
Host:152.2.41.22:4280

GET /Q_Evasive/ HTTP/1.1
Host:152.2.41.22:4280



HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 315
Last-Modified: Sat, 23 Mar 2013 19:09:46 GMT
Server: Jetty(7.6.3.v20120416)

<!DOCTYPE html>
<html>
<head>
<title></title>
<link rel="icon" type="image/png" href="/consolefavicon.png" />
<meta id="redirect" http-equiv="refresh" content="0;url=/console/"/>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
</head>
<body style="display:none;">
</body>
</html>

HTTP/1.1 302 Found
Set-Cookie: JSESSIONID=qinr5uz3qymt1kru84hwuepo8;Path=/;HttpOnly
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache, no-store,must-revalidate, max-age=-1
Pragma: no-cache, no-store
Location: http://152.2.41.22:4280/manage/
Content-Length: 0
Server: Jetty(7.6.3.v20120416)
Severity Title Port/Service
1
Web Server Version crashplan.oasis.unc.edu:4280/tcp
QID:
86000
Category:
Web server
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/01/1999
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
N/A
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Server Version | Server Banner
Jetty(7.6.3.v20120416) | Jetty(7.6.3.v20120416)
Severity Title Port/Service
1
List of Web Directories crashplan.oasis.unc.edu:4280/tcp
QID:
86672
Category:
Web server
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
09/10/2004
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Based largely on the HTTP reply code, the following directories are most likely present on the host.
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Directory | Source
/console/ | brute force
/console/ | web page
/console/shared/ | web page
/console/shared/js/ | web page
Severity Title Port/Service
1
SSL Server Information Retrieval port 3071/tcp over SSL
QID:
38116
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
07/28/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:

The following is a list of supported SSL ciphers. Note: If a cipher is included in this list, it means that it was possible to establish an SSL connection using that cipher. Some web server setups allow connections to be established using a LOW grade cipher, only to provide a web page stating that the URL is accessible only through a non-LOW grade cipher. In this case, even though the LOW grade cipher will be listed here, QID 38140 will not be reported.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
SSLv2_PROTOCOL_IS_DISABLED _ _ _ _ _
SSLv3_PROTOCOL_IS_ENABLED _ _ _ _ _
SSLv3 COMPRESSION_METHOD None _ _ _
TLSv1_PROTOCOL_IS_ENABLED _ _ _ _ _
TLSv1 COMPRESSION_METHOD None _ _ _
Expand Severity Title Port/Service
1
SSL/TLS invalid protocol version tolerance port 3071/tcp over SSL
QID:
38597
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
02/13/2012
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
SSL/TLS protocols have different versions that can be supported by both the client and the server. This test attempts to send invalid protocol versions to the target in order to find out what the target's behavior is. The results section contains a table that indicates what the target's response was to each of our tests.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
my version    target version
0304    0301
0399    0301
0400    rejected
0499    rejected
Expand Severity Title Port/Service
1
TLS Secure Renegotiation Extension Supported port 3071/tcp over SSL
QID:
42350
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
12/01/2011
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Secure Socket Layer (SSL) and Transport Layer Security (TLS) renegotiation are vulnerable to an attack in which the attacker forms a TLS connection with the target server, injects content of his choice, and then splices in a new TLS connection from a client. The server treats the client's initial TLS handshake as a renegotiation and thus believes that the initial data transmitted by the attacker is from the same entity as the subsequent client data. The TLS protocol was extended to cryptographically tie renegotiations to the TLS connections they are being performed over. This is referred to as the TLS secure renegotiation extension. This detection determines whether the TLS secure renegotiation extension is supported by the server or not.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
TLS Secure Renegotiation Extension Status: not supported.
Expand Severity Title Port/Service
1
SSL Server Information Retrieval port 27599/tcp over SSL
QID:
38116
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
07/28/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:

The following is a list of supported SSL ciphers. Note: If a cipher is included in this list, it means that it was possible to establish an SSL connection using that cipher. There are some web server setups that allow connections to be established using a LOW grade cipher, only to provide a web page stating that the URL is accessible only through a non-LOW grade cipher. In this case, even though a LOW grade cipher will be listed here, QID 38140 will not be reported.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
SSLv2_PROTOCOL_IS_DISABLED _ _ _ _ _
SSLv3_PROTOCOL_IS_ENABLED _ _ _ _ _
SSLv3 COMPRESSION_METHOD None _ _ _
TLSv1_PROTOCOL_IS_ENABLED _ _ _ _ _
TLSv1 COMPRESSION_METHOD None _ _ _
ECDHE-RSA-AES256-SHA ECDH RSA SHA1 AES(256) _HIGH_
AES256-SHA RSA RSA SHA1 AES(256) _HIGH_
DES-CBC3-SHA RSA RSA SHA1 3DES(168) _HIGH_
ECDHE-RSA-AES128-SHA ECDH RSA SHA1 AES(128) _MEDIUM_
AES128-SHA RSA RSA SHA1 AES(128) _MEDIUM_
RC4-SHA RSA RSA SHA1 RC4(128) _MEDIUM_
RC4-MD5 RSA RSA MD5 RC4(128) _MEDIUM_
Expand Severity Title Port/Service
1
SSL Session Caching Information port 27599/tcp over SSL
QID:
38291
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
09/16/2004
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
An SSL session is a collection of security parameters that are negotiated by the SSL client and server for each SSL connection. SSL session caching is intended to reduce the overhead of negotiations in recurring SSL connections. SSL sessions can be reused to resume an earlier connection or to establish multiple simultaneous connections. The client suggests an SSL session to be reused by identifying the session with a Session-ID during the SSL handshake. If the server finds it appropriate to reuse the session, then they both proceed to secure communication with already known security parameters.

This test determines if SSL session caching is enabled on the host.

IMPACT:
SSL session caching is part of the SSL and TLS protocols and is not a security threat. The result of this test is for informational purposes only.
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
TLSv1 session caching is disabled on the target.
Expand Severity Title Port/Service
1
SSL/TLS invalid protocol version tolerance port 27599/tcp over SSL
QID:
38597
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
02/13/2012
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
SSL/TLS protocols have different versions that can be supported by both the client and the server. This test attempts to send invalid protocol versions to the target in order to find out what the target's behavior is. The results section contains a table that indicates what the target's response was to each of our tests.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
my version    target version
0304    0301
0399    0301
0400    0301
0499    0301
Expand Severity Title Port/Service
1
SSL Certificate will expire within next six months port 27599/tcp over SSL
QID:
38600
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
12/26/2012
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Certificates are used for authentication purposes in different protocols such as SSL/TLS. Each certificate has a validity period outside of which it is supposed to be considered invalid. This QID is reported to inform that a certificate will expire within the next six months. The advance notice can be helpful since obtaining a certificate can take some time.
IMPACT:
Expired certificates can cause connection disruptions or compromise the integrity and privacy of the connections being protected by certificates.
SOLUTION:
Contact the certificate authority that signed your certificate to arrange for a renewal.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Certificate #0 CN=CAS-ENTBKUP1.ad.unc.edu The certificate will expire within six months: Jun 13 14:10:06 2013 GMT
Expand Severity Title Port/Service
1
TLS Secure Renegotiation Extension Supported port 27599/tcp over SSL
QID:
42350
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
12/01/2011
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Secure Socket Layer (SSL) and Transport Layer Security (TLS) renegotiation are vulnerable to an attack in which the attacker forms a TLS connection with the target server, injects content of his choice, and then splices in a new TLS connection from a client. The server treats the client's initial TLS handshake as a renegotiation and thus believes that the initial data transmitted by the attacker is from the same entity as the subsequent client data. The TLS protocol was extended to cryptographically tie renegotiations to the TLS connections they are being performed over. This is referred to as the TLS secure renegotiation extension. This detection determines whether the TLS secure renegotiation extension is supported by the server or not.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
TLS Secure Renegotiation Extension Status: supported.
Expand Severity Title Port/Service
1
SSL Certificate - Information port 27599/tcp over SSL
QID:
86002
Category:
Web server
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/23/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
NAME    VALUE
(0)CERTIFICATE 0
(0)Version    3 (0x2)
(0)Serial Number    72:cc:4c:6c:b0:8d:d9:b8:40:d5:5c:85:08:41:3f:53
(0)Signature Algorithm    sha1WithRSAEncryption
(0)ISSUER NAME
commonName    CAS-ENTBKUP1.ad.unc.edu
(0)SUBJECT NAME
commonName    CAS-ENTBKUP1.ad.unc.edu
(0)Valid From    Dec 12 14:10:06 2012 GMT
(0)Valid Till    Jun 13 14:10:06 2013 GMT
(0)Public Key Algorithm    rsaEncryption
(0)RSA Public Key    (2048 bit)
(0) Public-Key: (2048 bit)
(0) Modulus:
(0) Exponent: 65537 (0x10001)
(0)X509v3 EXTENSIONS
(0)X509v3 Extended Key Usage    TLS Web Server Authentication
(0)X509v3 Key Usage    Key Encipherment, Data Encipherment
(0)Signature    (256 octets)
Expand Severity Title Port/Service
1
Default Web Page port 4285/tcp over SSL
QID:
12230
Category:
CGI
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
06/19/2006
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The Result section displays the default Web page for the Web server.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Content-Type: text/html
Content-Length: 315
Last-Modified: Sat, 23 Mar 2013 19:11:49 GMT
Server: Jetty(7.6.3.v20120416)

<!DOCTYPE html>
<html>
<head>
<title></title>
<link rel="icon" type="image/png" href="/consolefavicon.png" />
<meta id="redirect" http-equiv="refresh" content="0;url=/console/"/>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
</head>
<body style="display:none;">
</body>
</html>
Expand Severity Title Port/Service
1
SSL Server Information Retrieval port 4285/tcp over SSL
QID:
38116
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
07/28/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:

The following is a list of supported SSL ciphers. Note: If a cipher is included in this list, it means that it was possible to establish an SSL connection using that cipher. There are some web server setups that allow connections to be established using a LOW grade cipher, only to provide a web page stating that the URL is accessible only through a non-LOW grade cipher. In this case, even though a LOW grade cipher will be listed here, QID 38140 will not be reported.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
SSLv2_PROTOCOL_IS_DISABLED _ _ _ _ _
SSLv3_PROTOCOL_IS_ENABLED _ _ _ _ _
SSLv3 COMPRESSION_METHOD None _ _ _
EDH-RSA-DES-CBC3-SHA DH RSA SHA1 3DES(168) _HIGH_
DES-CBC3-SHA RSA RSA SHA1 3DES(168) _HIGH_
DHE-RSA-AES128-SHA DH RSA SHA1 AES(128) _MEDIUM_
AES128-SHA RSA RSA SHA1 AES(128) _MEDIUM_
RC4-SHA RSA RSA SHA1 RC4(128) _MEDIUM_
RC4-MD5 RSA RSA MD5 RC4(128) _MEDIUM_
TLSv1_PROTOCOL_IS_ENABLED _ _ _ _ _
TLSv1 COMPRESSION_METHOD None _ _ _
EDH-RSA-DES-CBC3-SHA DH RSA SHA1 3DES(168) _HIGH_
DES-CBC3-SHA RSA RSA SHA1 3DES(168) _HIGH_
DHE-RSA-AES128-SHA DH RSA SHA1 AES(128) _MEDIUM_
AES128-SHA RSA RSA SHA1 AES(128) _MEDIUM_
RC4-SHA RSA RSA SHA1 RC4(128) _MEDIUM_
RC4-MD5 RSA RSA MD5 RC4(128) _MEDIUM_
Expand Severity Title Port/Service
1
SSL Session Caching Information port 4285/tcp over SSL
QID:
38291
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
09/16/2004
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
An SSL session is a collection of security parameters that are negotiated by the SSL client and server for each SSL connection. SSL session caching is intended to reduce the overhead of negotiations in recurring SSL connections. SSL sessions can be reused to resume an earlier connection or to establish multiple simultaneous connections. The client suggests an SSL session to be reused by identifying the session with a Session-ID during the SSL handshake. If the server finds it appropriate to reuse the session, then they both proceed to secure communication with already known security parameters.

This test determines if SSL session caching is enabled on the host.

IMPACT:
SSL session caching is part of the SSL and TLS protocols and is not a security threat. The result of this test is for informational purposes only.
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
SSLv3 session caching is disabled on the target.
TLSv1 session caching is disabled on the target.
Expand Severity Title Port/Service
1
SSL/TLS invalid protocol version tolerance port 4285/tcp over SSL
QID:
38597
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
02/13/2012
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
SSL/TLS protocols have different versions that can be supported by both the client and the server. This test attempts to send invalid protocol versions to the target in order to find out what the target's behavior is. The results section contains a table that indicates what the target's response was to each of our tests.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
my version    target version
0304    0301
0399    0301
0400    rejected
0499    rejected
Expand Severity Title Port/Service
1
SSL Certificate will expire within next six months port 4285/tcp over SSL
QID:
38600
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
12/26/2012
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Certificates are used for authentication purposes in different protocols such as SSL/TLS. Each certificate has a validity period outside of which it is supposed to be considered invalid. This QID is reported to inform that a certificate will expire within the next six months. The advance notice can be helpful since obtaining a certificate can take some time.
IMPACT:
Expired certificates can cause connection disruptions or compromise the integrity and privacy of the connections being protected by certificates.
SOLUTION:
Contact the certificate authority that signed your certificate to arrange for a renewal.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Certificate #0 CN=Unknown,OU=PRO_Server,O=CrashPlan,L=Minneapolis,ST=Minnesota,C=US The certificate will expire within six months: Sep 17 15:12:36 2013 GMT
Expand Severity Title Port/Service
1
TLS Secure Renegotiation Extension Supported port 4285/tcp over SSL
QID:
42350
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
12/01/2011
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Secure Socket Layer (SSL) and Transport Layer Security (TLS) renegotiation are vulnerable to an attack in which the attacker forms a TLS connection with the target server, injects content of his choice, and then splices in a new TLS connection from a client. The server treats the client's initial TLS handshake as a renegotiation and thus believes that the initial data transmitted by the attacker is from the same entity as the subsequent client data. The TLS protocol was extended to cryptographically tie renegotiations to the TLS connections they are being performed over. This is referred to as the TLS secure renegotiation extension. This detection determines whether the TLS secure renegotiation extension is supported by the server or not.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
TLS Secure Renegotiation Extension Status: not supported.
Expand Severity Title Port/Service
1
SSL Certificate - Information port 4285/tcp over SSL
QID:
86002
Category:
Web server
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/23/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
NAME    VALUE
(0)CERTIFICATE 0
(0)Version    1 (0x0)
(0)Serial Number    1221750756 (0x48d26fe4)
(0)Signature Algorithm    md5WithRSAEncryption
(0)ISSUER NAME
countryName    US
stateOrProvinceName    Minnesota
localityName    Minneapolis
organizationName    CrashPlan
organizationalUnitName    PRO Server
commonName    Unknown
(0)SUBJECT NAME
countryName    US
stateOrProvinceName    Minnesota
localityName    Minneapolis
organizationName    CrashPlan
organizationalUnitName    PRO Server
commonName    Unknown
(0)Valid From    Sep 18 15:12:36 2008 GMT
(0)Valid Till    Sep 17 15:12:36 2013 GMT
(0)Public Key Algorithm    rsaEncryption
(0)RSA Public Key    (1024 bit)
(0) Public-Key: (1024 bit)
(0) Modulus:
(0) Exponent: 65537 (0x10001)
(0)Signature    (128 octets)
Expand Severity Title Port/Service
1
Web Server Supports HTTP Request Pipelining port 4285/tcp over SSL
QID:
86565
Category:
Web server
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
02/22/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Version 1.1 of the HTTP protocol supports URL-Request Pipelining. This means that instead of using the "Keep-Alive" method to keep the TCP connection alive over multiple requests, the protocol allows multiple HTTP URL requests to be made in the same TCP packet. Any Web server which is HTTP 1.1 compliant should then process all the URLs requested in the single TCP packet and respond as usual.

The target Web server was found to support this functionality of the HTTP 1.1 protocol.

IMPACT:
Support for URL-Request Pipelining has interesting consequences. For example, as explained in this paper by Daniel Roelker, it can be used for evading detection by Intrusion Detection Systems. Also, it can be used in HTTP Response-Splitting style attacks.
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
GET / HTTP/1.1
Host:152.2.41.22:4285

GET /Q_Evasive/ HTTP/1.1
Host:152.2.41.22:4285



HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 315
Last-Modified: Sat, 23 Mar 2013 19:11:49 GMT
Server: Jetty(7.6.3.v20120416)

<!DOCTYPE html>
<html>
<head>
<title></title>
<link rel="icon" type="image/png" href="/consolefavicon.png" />
<meta id="redirect" http-equiv="refresh" content="0;url=/console/"/>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
</head>
<body style="display:none;">
</body>
</html>

HTTP/1.1 302 Found
Set-Cookie: JSESSIONID=ki1bru65psll13s494eu1nma2;Path=/;Secure;HttpOnly
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache, no-store,must-revalidate, max-age=-1
Pragma: no-cache, no-store
Location: https://152.2.41.22:4285/manage/
Content-Length: 0
Server: Jetty(7.6.3.v20120416)
Expand Severity Title Port/Service
1
SSL Web Server Version crashplan.oasis.unc.edu:4285/tcp
QID:
86001
Category:
Web server
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/01/1999
User Modified:
-
Edited:
No
PCI Vuln:
No
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Server Version    Server Banner
Jetty(7.6.3.v20120416)    Jetty(7.6.3.v20120416)
Expand Severity Title Port/Service
1
List of Web Directories crashplan.oasis.unc.edu:4285/tcp
QID:
86672
Category:
Web server
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
09/10/2004
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Based largely on the HTTP reply code, the following directories are most likely present on the host.
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Directory    Source
/console/    brute force
/console/    web page
/console/shared/    web page
/console/shared/js/    web page
Expand Severity Title Port/Service
5
Built-in Guest Account Not Renamed at Windows Target System
 
QID:
105228
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/22/2013
User Modified:
-
Edited:
No
PCI Vuln:
No
CVSS Base:
0[1]
CVSS Temporal:
0
THREAT:
The built-in Guest account is not renamed at the target Microsoft Windows system.
IMPACT:
Knowing a valid username allows for substantially easier bruteforcing attacks.
SOLUTION:
Rename the Guest account.
COMPLIANCE:
Type: CobIT
Section: DS5.4
Description: User Account Management Ensure that requesting, establishing, issuing, suspending, modifying and closing user accounts and related user privileges are addressed by user account management. An approval procedure outlining the data or system owner granting the access privileges should be included. These procedures should apply for all users, including administrators (privileged users), internal and external users, for normal and emergency cases. Rights and obligations relative to access to enterprise systems and information are contractually arranged for all types of users. Perform regular management review of all accounts and related privileges.

EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Guest
Expand Severity Title Port/Service
3
SSL Server Supports Weak Encryption Vulnerability port 1311/tcp over SSL
 
QID:
38140
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/28/2009
User Modified:
-
Edited:
No
PCI Vuln:
Yes
CVSS Base:
9[1]
CVSS Temporal:
7.7
THREAT:
The Secure Socket Layer (SSL) protocol allows for secure communication between a client and a server.

SSL encryption ciphers are classified based on encryption key length as follows:

  • HIGH - key length larger than 128 bits
  • MEDIUM - key length equal to 128 bits
  • LOW - key length smaller than 128 bits

Messages encrypted with LOW encryption ciphers are easy to decrypt. Commercial SSL servers should only support MEDIUM or HIGH strength ciphers to guarantee transaction security.

The following link provides more information about this vulnerability:

Please note that this detection only checks for weak cipher support at the SSL layer. Some servers may implement additional protection at the data layer. For example, some SSL servers and SSL proxies (such as SSL accelerators) allow cipher negotiation to complete but send back an error message and abort further communication on the secure channel. This vulnerability may not be exploitable for such configurations.

IMPACT:
An attacker can exploit this vulnerability to decrypt secure communications without authorization.
SOLUTION:
Disable support for LOW encryption ciphers.

Apache
Typically, for Apache/mod_ssl, httpd.conf or ssl.conf should have the following lines:
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM

For Apache/apache_ssl include the following line in the configuration file (httpsd.conf):
SSLRequireCipher ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM

Tomcat
sslProtocol="SSLv3"
ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA"

IIS
How to Restrict the Use of Certain Cryptographic Algorithms and Protocols in Schannel.dll (Windows restart required)
How to disable PCT 1.0, SSL 2.0, SSL 3.0, or TLS 1.0 in Internet Information Services (Windows restart required)
Security Guidance for IIS

For Novell Netware 6.5, please refer to the following document: SSL Allows the use of Weak Ciphers - TID10100633.

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
CIPHER KEY-EXCHANGE AUTHENTICATION MAC ENCRYPTION(KEY-STRENGTH) GRADE
SSLv3 WEAK CIPHERS
EDH-RSA-DES-CBC-SHA DH RSA SHA1 DES(56) LOW
DES-CBC-SHA RSA RSA SHA1 DES(56) LOW
EXP-EDH-RSA-DES-CBC-SHA DH(512) RSA SHA1 DES(40) LOW
EXP-DES-CBC-SHA RSA(512) RSA SHA1 DES(40) LOW
EXP-RC4-MD5 RSA(512) RSA MD5 RC4(40) LOW
TLSv1 WEAK CIPHERS
EDH-RSA-DES-CBC-SHA DH RSA SHA1 DES(56) LOW
DES-CBC-SHA RSA RSA SHA1 DES(56) LOW
EXP-EDH-RSA-DES-CBC-SHA DH(512) RSA SHA1 DES(40) LOW
EXP-DES-CBC-SHA RSA(512) RSA SHA1 DES(40) LOW
EXP-RC4-MD5 RSA(512) RSA MD5 RC4(40) LOW
Expand Severity Title Port/Service
3
SSLv3.0/TLSv1.0 Protocol Weak CBC Mode Vulnerability port 1311/tcp over SSL
 
QID:
42366
Category:
General remote services
CVE ID:
CVE-2011-3389
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
02/07/2013
User Modified:
-
Edited:
No
PCI Vuln:
No
CVSS Base:
4.3
CVSS Temporal:
3.5
THREAT:
SSLv3.0 and TLSv1.0 protocols are used to provide integrity, authenticity and privacy to other protocols such as HTTP and LDAP. They provide these services by using encryption for privacy, x509 certificates for authenticity and one-way hash functions for integrity. To encrypt data, SSL and TLS can use block ciphers, which are encryption algorithms that can encrypt only a fixed block of original data to an encrypted block of the same size. Note that these ciphers will always obtain the same resulting block for the same original block of data. To achieve difference in the output, the output of encryption is XORed with yet another block of the same size referred to as the initialization vector (IV). A special mode of operation for block ciphers known as CBC (cipher block chaining) uses one IV for the initial block and the result of the previous block for each subsequent block to obtain difference in the output of block cipher encryption.

In the SSLv3.0 and TLSv1.0 implementations, the choice of CBC mode usage was poor because the entire traffic shares one CBC session with a single set of initial IVs. The rest of the IVs are, as mentioned above, results of the encryption of the previous blocks. The subsequent IVs are available to eavesdroppers. This allows an attacker with the capability to inject arbitrary traffic into the plain-text stream (to be encrypted by the client) to verify their guess of the plain-text preceding the injected block. If the attacker's guess is correct, then the output of the encryption will be the same for two blocks.

For low entropy data, it is possible to guess the plain-text block with a relatively small number of attempts. For example, for data that has 1000 possibilities, the number of attempts can be 500.

For more information please see a paper by Gregory V. Bard.

IMPACT:
Recently, attacks against web authentication cookies have been described which used this vulnerability. If the authentication cookie is guessed by the attacker, then the attacker can impersonate the legitimate user on the Web site which accepts the authentication cookie.
SOLUTION:
This attack was identified in 2004, and later revisions of the TLS protocol contain a fix for it. If possible, upgrade to TLSv1.1 or TLSv1.2. If upgrading to TLSv1.1 or TLSv1.2 is not possible, then disabling CBC mode ciphers will remove the vulnerability.

Setting your SSL server to prioritize RC4 ciphers mitigates this vulnerability. Microsoft has posted information including workarounds for IIS at KB2588513.

Using the following SSL configuration in Apache mitigates this vulnerability:

SSLHonorCipherOrder On
SSLCipherSuite RC4-SHA:HIGH:!ADH

Qualys SSL/TLS Deployment Best Practices can be found here.

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Available non CBC cipher    Server's choice    SSL version
RC4-SHA    EDH-RSA-DES-CBC3-SHA    SSLv3
RC4-SHA    EDH-RSA-DES-CBC3-SHA    TLSv1
Expand Severity Title Port/Service
2
Hidden RPC Services
 
QID:
11
Category:
RPC
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/01/1999
User Modified:
-
Edited:
No
PCI Vuln:
Yes
CVSS Base:
5[1]
CVSS Temporal:
3.6
THREAT:
The Portmapper/Rpcbind listens on port 111 and stores an updated list of registered RPC services running on the server (RPC name, version and port number). It acts as a "gateway" for clients wanting to connect to any RPC daemon.

When the portmapper/rpcbind is removed or firewalled, standard RPC client programs fail to obtain the portmapper list. However, by sending carefully crafted packets, it's possible to determine which RPC programs are listening on which port. This technique is known as direct RPC scanning. It's used to bypass portmapper/rpcbind in order to find RPC programs running on a port (TCP or UDP ports). On Linux servers, RPC services are typically listening on privileged ports (below 1024), whereas on Solaris, RPC services are on temporary ports (starting with port 32700).

IMPACT:
Unauthorized users can build a list of RPC services running on the host. If they discover vulnerable RPC services on the host, they then can exploit them.
SOLUTION:
Firewalling the portmapper port or removing the portmapper service is not sufficient to prevent unauthorized users from accessing the RPC daemons. You should remove all RPC services that are not strictly required on this host.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Name | Program | Version | Protocol | Port
nfs | 100003 | 2-3 | tcp | 2049
Severity:
2
Title:
Global User List
QID:
45002
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
04/08/2009
User Modified:
-
Edited:
No
PCI Vuln:
Yes
CVSS Base:
5[1]
CVSS Temporal:
4.7
THREAT:
This is the global system user list, which was retrieved during the scan by exploiting one or more vulnerabilities. The Qualys IDs for the vulnerabilities leading to the disclosure of these users are also given in the Result section. Each user will be displayed only once, even though it may be obtained by using different methods.
IMPACT:
These common account(s) can be used by a malicious user to break into the system via password brute forcing.
SOLUTION:
To prevent your host from being attacked, do one or more of the following:
  • Remove (or rename) unnecessary accounts
  • Shut down unnecessary network services
  • Ensure the passwords to these accounts are kept secret
  • Use a firewall to restrict access to your hosts from unauthorized domains
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
User Name | Source Vulnerability (QualysID)
cas.admin | 45032
Guest | 90266, 45027, 45031
balen | 45031, 105234
Severity:
2
Title:
NetBIOS Name Accessible
QID:
70000
Category:
SMB / NETBIOS
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
04/28/2009
User Modified:
-
Edited:
No
PCI Vuln:
No
CVSS Base:
0[1]
CVSS Temporal:
0
THREAT:
Unauthorized users can obtain this host's NetBIOS server name from a remote system.
IMPACT:
Unauthorized users can obtain the list of NetBIOS servers on your network. This list outlines trust relationships between server and client computers. Unauthorized users can therefore use a vulnerable host to penetrate secure servers.
SOLUTION:
If the NetBIOS service is not required on this host, disable it. Otherwise, block any NetBIOS traffic at your network boundaries.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
CAS-PY-DFS1B
Severity:
2
Title:
Microsoft Windows Remote Desktop Protocol Server Private Key Disclosure
QID:
90250
Category:
Windows
CVE ID:
CVE-2005-1794
Vendor Reference
-
Bugtraq ID:
13818
Service Modified:
01/07/2010
User Modified:
-
Edited:
No
PCI Vuln:
Yes
CVSS Base:
6.4
CVSS Temporal:
6.1
THREAT:
Microsoft Windows Remote Desktop Protocol is affected by a private key disclosure vulnerability.

When an RDP client initiates a session with an RDP server, the server responds with a server certificate containing an RSA public key and its digital signature. The client decrypts the signature using the server's public key and compares the result with the hash of the new public key received from the server to verify the identity of the server.

The vulnerability presents itself because a private key that is used to sign the Terminal Server public key is hardcoded in "mstlsapi.dll". A subroutine of the "TLSInit" API dynamically creates, uses and de-allocates this key.

IMPACT:
Successful exploitation can allow the attacker to disclose the key and calculate a valid signature to carry out man in the middle attacks. An attacker could therefore cause the client to connect to a server under their control and send the client a public key to which they possess the private key.
SOLUTION:
There are no vendor-supplied solutions available at this time.

Workarounds:
- As there is no patch, this vulnerability should be mitigated by using some semblance of network filtering (e.g., firewalling RDP off from the open Internet).

For Windows Server 2003, the security of Terminal Server can be enhanced by configuring Terminal Services connections to use Transport Layer Security (TLS) 1.0 for server authentication, and to encrypt terminal server communications. Please refer to cc782610 to obtain additional details.

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Detected service win_remote_desktop and os WINDOWS VISTA / WINDOWS 2008 / WINDOWS 7
Severity:
2
Title:
Unused Active Windows Accounts Found
QID:
105234
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/11/2009
User Modified:
-
Edited:
No
PCI Vuln:
No
CVSS Base:
0[1]
CVSS Temporal:
0
THREAT:
The target Microsoft Windows system has active user accounts that were never used to logon to the system.
IMPACT:
N/A
SOLUTION:
Workaround:
Remove the unused accounts.
COMPLIANCE:
Type: CobIT
Section: DS5.4
Description: User Account Management Ensure that requesting, establishing, issuing, suspending, modifying and closing user accounts and related user privileges are addressed by user account management. An approval procedure outlining the data or system owner granting the access privileges should be included. These procedures should apply for all users, including administrators (privileged users), internal and external users, for normal and emergency cases. Rights and obligations relative to access to enterprise systems and information are contractually arranged for all types of users. Perform regular management review of all accounts and related privileges.

EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
balen
Severity:
2
Title:
SSL Certificate - Self-Signed Certificate
Port/Service:
port 1311/tcp over SSL
QID:
38169
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/24/2009
User Modified:
-
Edited:
No
PCI Vuln:
Yes
CVSS Base:
9.4[1]
CVSS Temporal:
6.9
THREAT:
An SSL Certificate associates an entity (person, organization, host, etc.) with a Public Key. In an SSL connection, the client authenticates the remote server using the server's Certificate and extracts the Public Key in the Certificate to establish the secure connection.

The client can trust that the Server Certificate belongs to the server only if it is signed by a mutually trusted third-party Certificate Authority (CA). Self-signed certificates are created generally for testing purposes or to avoid paying third-party CAs. These should not be used on any production or critical servers.

By exploiting this vulnerability, an attacker can impersonate the server by presenting a fake self-signed certificate. If the client knows that the server does not have a trusted certificate, it will accept this spoofed certificate and communicate with the remote server.

IMPACT:
By exploiting this vulnerability, an attacker can launch a man-in-the-middle attack.
SOLUTION:
Please install a server certificate signed by a trusted third-party Certificate Authority.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Certificate #0 CN=CAS-PY-DFS1B,O=Dell_Inc,OU=SA_Enterprise_Software_Development,L=Round_Rock,ST=TX,C=US is a self signed certificate.
Severity:
2
Title:
SSL Certificate - Subject Common Name Does Not Match Server FQDN
Port/Service:
port 1311/tcp over SSL
QID:
38170
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
09/29/2008
User Modified:
-
Edited:
No
PCI Vuln:
No
CVSS Base:
2.6[1]
CVSS Temporal:
2.1
THREAT:
An SSL Certificate associates an entity (person, organization, host, etc.) with a Public Key. In an SSL connection, the client authenticates the remote server using the server's Certificate and extracts the Public Key in the Certificate to establish the secure connection.

A certificate whose Subject commonName or subjectAltName does not match the server FQDN offers only encryption without authentication.

Please note that a false positive reporting of this vulnerability is possible in the following case:

    If the common name of the certificate uses a wildcard such as *.somedomainname.com and the reverse DNS resolution of the target IP is not configured. In this case there is no way for QualysGuard to associate the wildcard common name to the IP. Adding a reverse DNS lookup entry to the target IP will solve this problem.

IMPACT:
A man-in-the-middle attacker can exploit this vulnerability in tandem with a DNS cache poisoning attack to lure the client to another server, and then steal all the encrypted communication.
SOLUTION:
Please install a server certificate whose Subject commonName or subjectAltName matches the server FQDN.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Certificate #0 CN=CAS-PY-DFS1B,O=Dell_Inc,OU=SA_Enterprise_Software_Development,L=Round_Rock,ST=TX,C=US (CAS-PY-DFS1B) doesn't resolve
Severity:
2
Title:
SSL Certificate - Signature Verification Failed Vulnerability
Port/Service:
port 1311/tcp over SSL
QID:
38173
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/22/2009
User Modified:
-
Edited:
No
PCI Vuln:
Yes
CVSS Base:
9.4[1]
CVSS Temporal:
6.9
THREAT:
An SSL Certificate associates an entity (person, organization, host, etc.) with a Public Key. In an SSL connection, the client authenticates the remote server using the server's Certificate and extracts the Public Key in the Certificate to establish the secure connection. The authentication is done by verifying that the public key in the certificate is signed by a trusted third-party Certificate Authority.

If a client is unable to verify the certificate, it can abort communication or prompt the user to continue the communication without authentication.

IMPACT:
By exploiting this vulnerability, man-in-the-middle attacks in tandem with DNS cache poisoning can occur.

Exception:
If the server communicates only with a restricted set of clients who have the server certificate or the trusted CA certificate, then the server or CA certificate may not be available publicly, and the scan will be unable to verify the signature.

SOLUTION:
Please install a server certificate signed by a trusted third-party Certificate Authority.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Certificate #0 CN=CAS-PY-DFS1B,O=Dell_Inc,OU=SA_Enterprise_Software_Development,L=Round_Rock,ST=TX,C=US self signed certificate
Severity:
3
Title:
SMB Signing Disabled or SMB Signing Not Required
QID:
90043
Category:
Windows
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
04/18/2013
User Modified:
-
Edited:
No
PCI Vuln:
Yes
CVSS Base:
7.3[1]
CVSS Temporal:
6.3
THREAT:
This host does not seem to be using SMB (Server Message Block) signing. SMB signing is a security mechanism in the SMB protocol and is also known as security signatures. SMB signing is designed to help improve the security of the SMB protocol.

SMB signing adds security to a network using NetBIOS, avoiding man-in-the-middle attacks.

When SMB signing is enabled on both the client and server, SMB sessions are authenticated between the machines on a packet-by-packet basis.

IMPACT:
Unauthorized users sniffing the network could catch many challenge/response exchanges and replay the whole thing to grab particular session keys, and then authenticate on the Domain Controller.
SOLUTION:
Without SMB signing, a device could intercept SMB network packets from an originating computer, alter their contents, and broadcast them to the destination computer. Since digitally signing the packets enables the recipient of the packets to confirm their point of origination and their authenticity, it is recommended that SMB signing be enabled and required.

Please refer to Microsoft's article 887429 for information on enabling SMB signing.

For Windows Server 2008 R2, Windows Server 2012, please refer to Microsoft's article Require SMB Security Signatures for information on enabling SMB signing.

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
No results available
Severity:
2
Title:
Windows User Accounts With Unchanged Passwords
QID:
105236
Category:
Security Policy
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/11/2009
User Modified:
-
Edited:
No
PCI Vuln:
No
CVSS Base:
0[1]
CVSS Temporal:
0
THREAT:
The target Microsoft Windows system has some user accounts with passwords which have never changed. This may include any disabled accounts that you may have.
IMPACT:
N/A
SOLUTION:
Please check if this adheres to your security policy and remove unwanted accounts.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Guest
Severity:
2
Title:
TLS Protocol Session Renegotiation Security Vulnerability
Port/Service:
port 1311/tcp over SSL
QID:
38596
Category:
General remote services
CVE ID:
CVE-2009-3555
Vendor Reference
-
Bugtraq ID:
36935
Service Modified:
08/31/2010
User Modified:
-
Edited:
No
PCI Vuln:
No
CVSS Base:
5.8
CVSS Temporal:
5
THREAT:
Transport Layer Security (TLS) is a cryptographic protocol that provides security for communications over networks at the Transport Layer.

The TLS protocol is prone to a security vulnerability that allows for man-in-the-middle attacks. Note that this issue does not allow attackers to decrypt encrypted data.

Specifically, the issue exists in the way applications handle the session renegotiation process and may allow attackers to inject arbitrary plaintext into the beginning of the application protocol stream. The attack has been confirmed to work with HTTP as the application protocol, but it is believed to be possible with other protocols layered on TLS as well.

IMPACT:
In the case of the HTTP protocol used with the vulnerable TLS implementation, this attack is carried out by intercepting 'Client Hello' requests and then forcing session renegotiation. An unauthorized attacker can then cause the webserver to process arbitrary requests that would otherwise require a valid client-side certificate for authorization. Please note that the attacker will not be able to gain direct access to the server response.

Mitigating factors: To successfully exploit this vulnerability a full man-in-the-middle control of the TCP connection is required. The attacker needs to accept the TCP connection from the client and establish a new connection to the server.

SOLUTION:
For Microsoft Windows, refer to MS10-049 for further information.

Workaround:
OpenSSL has provided a version (0.9.8l) that has a workaround. Please refer to OpenSSL Change Log (Changes between 0.9.8k and 0.9.8l Section) to obtain additional details.

Microsoft has provided the following workaround:

- Enable SSLAlwaysNegoClientCert on IIS 6 and above: Web servers running IIS 6 and later that are affected because they require mutual authentication by requesting a client certificate, can be hardened by enabling the SSLAlwaysNegoClientCert setting. This will cause IIS to prompt the client for a certificate upon the initial connection, and does not require a server-initiated renegotiation.

Impact of the workaround: Setting this flag will require the client to authenticate prior to loading any element from the SSL-protected web site. This will cause the browser to always prompt the user for a client certificate upon connecting to the SSL protected Web site.

Refer to Microsoft Security Advisory 977377 for further details on applying the workarounds. Additional information is also available at KB977377.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

TLS Session Renegotiation: Windows

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
Reference:
CVE-2009-3555
Description:
SSL MITM Vulnerability - The Exploit-DB Ref : 9972
Link:
http://www.exploit-db.com/exploits/9972
Reference:
CVE-2009-3555
Description:
Mozilla NSS NULL Character CA SSL Certificate Validation Security Bypass Vulnerability - The Exploit-DB Ref : 10071
Link:
http://www.exploit-db.com/exploits/10071
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Number of SSL renegotiations:1
Severity:
2
Title:
Deprecated Public Key Length
Port/Service:
port 1311/tcp over SSL
QID:
38598
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
08/09/2012
User Modified:
-
Edited:
No
PCI Vuln:
No
CVSS Base:
5[1]
CVSS Temporal:
3.6
THREAT:
NIST has a special publication, SP800-131A, in which it makes several recommendations regarding cryptographic algorithm and key length use. The recommendations for key length are:
  • Key lengths less than 1024 bits are disallowed, which means they are considered weak and should not be used.
  • Key lengths between 1024 bits and 2047 bits are deprecated.
  • Key lengths of 2048 bits and more are approved and safe to use.
The deprecated status of 1024-2047 bit keys will change to disallowed at the end of 2013.
IMPACT:
Since most certificates are issued for one to two years, make sure your certificate will not be used after 2013.
SOLUTION:
Please obtain a 2048 bit or more public key length certificate from your Certificate Authority.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Certificate #0
RSA Public Key (1024 bit)
Public-Key: (1024 bit)
Exponent: 65537 (0x10001)
Severity:
3
Title:
Remote Access or Management Service Detected
QID:
42017
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
10/17/2011
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
A remote access or remote management service was detected. If such a service is accessible to malicious users, it can be used to carry out different types of attacks. Malicious users could try to brute force credentials or collect additional information on the service, which could help them craft further attacks.

The Results section includes information on the remote access service that was found on the target.

Services like Telnet, Rlogin, SSH, windows remote desktop, pcAnywhere, Citrix Management Console, Remote Admin (RAdmin), VNC, OPENVPN and ISAKMP are checked.

IMPACT:
Consequences vary by the type of attack.
SOLUTION:
Expose the remote access or remote management services only to the system administrators or intended users of the system.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Service name: Remote Desktop on TCP port 3389.
Severity:
3
Title:
Accounts Enumerated From SAM Database Whose Passwords Do Not Expire
QID:
45031
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
08/30/2004
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The Security Accounts Manager holds user and machine account information. The scanner found at least one user or machine account in the SAM database for the target Windows machine whose password does not expire. The accounts are listed in the Result section.
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
User/Machine Accounts With Passwords That Do Not Expire:
balen Guest
Severity:
3
Title:
NetBIOS Bindings Information
QID:
70004
Category:
SMB / NETBIOS
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/09/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The following bindings were detected on this computer. Bindings have many purposes. They reflect such things as users logged-in, registration of a user name, registration of a service in a domain, and registering of a NetBIOS name.
IMPACT:
Unauthorized users can use this information in further attacks against the host. A list of logged-in users on the target host/network can potentially be used to launch social engineering attacks.
SOLUTION:
This service uses the UDP and TCP port 137. Typically, this port should not be accessible to external networks, and should be firewalled.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Name | Service | NetBIOS Suffix
CAS-PY-DFS1B | Workstation Service | 0x0
AD | Domain Name | 0x0
CAS-PY-DFS1B | File Server Service | 0x20
Severity:
3
Title:
NetBIOS Shared Folders
QID:
70030
Category:
SMB / NETBIOS
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
10/29/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The following NetBIOS shared folders have been detected.
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
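Device Name | Comment | Type | Label | Size | Description
ADMIN$ | Remote Admin | -2147483648 | | |
andilab | | 0 | | |
arnoldlab | | 0 | | |
arnoldlab2 | | 0 | | |
C$ | Default share | -2147483648 | | |
D$ | Default share | -2147483648 | | |
E$ | Default share | -2147483648 | | |
F$ | Default share | -2147483648 | | |
fac | | 0 | | |
facwebsite | | 0 | | |
gordongroup | | 0 | | |
grad | | 0 | | |
IPC$ | Remote IPC | -2147483645 | | |
paolab | | 0 | | |
peter | | 0 | | |
staff | | 0 | | |
wrkgrps | | 0 | | |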
Severity:
2
Title:
Operating System Detected
QID:
45017
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
02/09/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Several different techniques can be used to identify the operating system (OS) running on a host. A short description of these techniques is provided below. The specific technique used to identify the OS on this host is included in the RESULTS section of your report.

1) TCP/IP Fingerprint: The operating system of a host can be identified from a remote system using TCP/IP fingerprinting. All underlying operating system TCP/IP stacks have subtle differences that can be seen in their responses to specially-crafted TCP packets. According to the results of this "fingerprinting" technique, the OS version is among those listed below.

Note that if one or more of these subtle differences are modified by a firewall or a packet filtering device between the scanner and the host, the fingerprinting technique may fail. Consequently, the version of the OS may not be detected correctly. If the host is behind a proxy-type firewall, the version of the operating system detected may be that for the firewall instead of for the host being scanned.

2) NetBIOS: Short for Network Basic Input Output System, an application programming interface (API) that augments the DOS BIOS by adding special functions for local-area networks (LANs). Almost all LANs for PCs are based on the NetBIOS. Some LAN manufacturers have even extended it, adding additional network capabilities. NetBIOS relies on a message format called Server Message Block (SMB).

3) PHP Info: PHP is a hypertext pre-processor, an open-source, server-side, HTML-embedded scripting language used to create dynamic Web pages. Under some configurations it is possible to call PHP functions like phpinfo() and obtain operating system information.

4) SNMP: The Simple Network Monitoring Protocol is used to monitor hosts, routers, and the networks to which they attach. The SNMP service maintains a Management Information Base (MIB), a set of variables (database) that can be fetched by Managers. These include "MIB_II.system.sysDescr" for the operating system.

IMPACT:
Not applicable.
SOLUTION:
Not applicable.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Operating System | Technique | ID
Windows 2008 Enterprise Server Service Pack 2 | CIFS via TCP Port 445 |
Windows Vista / Windows 2008 / Windows 7 | TCP/IP Fingerprint | U2514:135
Windows 2003/XP/Vista/2008 | MS-RPC | Fingerprint
Windows 2008/Vista | NTLMSSP |
Severity:
2
Title:
Windows Effective Password Policy Information Gathering Via SAM Database
QID:
45026
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
07/29/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
This check probes the SAM database on the target host for password policy information. Information gathered is:

Minimum Password Age in Days
Maximum Password Age in Days
Minimum Password Length in Characters
Password History (Number of old passwords remembered)

The policy is the effective policy, which is a combination of the local policy settings (if any) and the domain-wide policy settings made on the Domain Controller(s) for the domain.

This probe requires authentication to be successful.

IMPACT:
This password policy information may be used for auditing a Windows-based network for password policy compliance of its nodes. An attacker with a working account can use it to query the network and obtain information.
SOLUTION:
N/A
COMPLIANCE:
Type: CobIT
Section: DS5.4
Description: DS5.4 User Account Management Ensure that requesting, establishing, issuing, suspending, modifying and closing user accounts and related user privileges are addressed by user account management. An approval procedure outlining the data or system owner granting the access privileges should be included. These procedures should apply for all users, including administrators (privileged users), internal and external users, for normal and emergency cases. Rights and obligations relative to access to enterprise systems and information are contractually arranged for all types of users. Perform regular management review of all accounts and related privileges.

Type: GLBA
Section: N/A
Description: Ensure the confidentiality and protection of passwords through secure password creation and distribution mechanisms.

Type: HIPAA
Section: 164.308(a)(5)(ii)(D)
Description: Password management Procedures for creating, changing, and safeguarding passwords.

Type: SOX
Section: N/A
Description: User Access Management Granting resource access, user ID and password requirements, individual accountability, limited utilization of native administrative IDs, non-employee user ID expiration, reporting employee and contractor status changes. Operating System Access Control Password enforcement, logon information, password display and printing, required password changes, vendor default passwords, security changes after system compromise, systems software utility usage, automatic log off. Password Management Procedures exist that ensure the confidentiality and protection of passwords through secure password creation and distribution mechanisms, the enforcement and adherence to acceptable password standards, and the regular changing of passwords.

EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Effective Password Policy:

Mininum Password Length - 0 (Not defined/Infinite).
Password History Length - 0 (Not defined/Infinite).
Minimum Password Age - 0 (Not defined/Infinite).
Maximum Password Age - 42 Days.
Password Complexity - Set.
Store Password Using Reversible Encryption - Not Set.
Severity:
2
Title:
Windows Domain Effective Account Lockout Policy Information Gathered Via SAM Database
QID:
45028
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
12/30/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The Security and Accounts Manager (SAM) Database of any Windows host participating in a Windows Domain has information about the account lockout policy set on that system. Such information was gathered from the target and is shown in the Results section below.

It should be noted that if the Domain Controller/Active Directory on this domain enforces a policy as well, the Domain Controller policy will override the local policies (if any) of each host. Further, it takes up to a couple of minutes for changes on the Domain Controller policy to be propagated to all the individual hosts on that domain.

SOLUTION:
 
COMPLIANCE:
Type: CobIT
Section: DS5.4
Description: User Account Management Ensure that requesting, establishing, issuing, suspending, modifying and closing user accounts and related user privileges are addressed by user account management. An approval procedure outlining the data or system owner granting the access privileges should be included. These procedures should apply for all users, including administrators (privileged users), internal and external users, for normal and emergency cases. Rights and obligations relative to access to enterprise systems and information are contractually arranged for all types of users. Perform regular management review of all accounts and related privileges.

Type: GLBA
Section: N/A
Description: Ensure that accounts are locked after unsuccessful login attempts.

Type: HIPAA
Section: 164.312(a)(1)
Description: Standard: Access Control Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights as specified in 164.308(a)(4).

Type: SOX
Section: N/A
Description: Ensure that accounts are locked after unsuccessful login attempts and that failed login attempts are logged.

EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Effective Account Lockout Policy:

Maximum Failed Logon Attempts Before Lockout - 0 (Not defined/Infinite/Will Not Lockout).
Lockout Logon-Attempts-Counter Duration - 15 Minutes.
Lockout Duration - 15 Minutes.
Severity:
2
Title:
Open DCE-RPC / MS-RPC Services List
QID:
70022
Category:
SMB / NETBIOS
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
06/06/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The following DCE-RPC / MS-RPC services are active on the remote host.
IMPACT:
N/A
SOLUTION:
Shut down any unknown or unused service on the list. In Windows, this is done in the "Services" Control Panel. In other environments, this usually requires editing a configuration file or start-up script. If you have provided Windows Authentication credentials, the Microsoft Registry service supporting the named pipe "\PIPE\winreg" must be present to allow CIFS to access the Registry.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Description | Version | TCP Ports | UDP Ports | HTTP Ports | NetBIOS/CIFS Pipes
DCE Endpoint Mapper | 3.0 | 135 | - | - | \PIPE\epmapper
DCE Remote Management | 1.0 | - | - | - | \PIPE\epmapper
DCOM OXID Resolver | 0.0 | 135 | - | - | \PIPE\epmapper
DCOM Remote Activation | 0.0 | 135 | - | - | \PIPE\epmapper
DCOM System Activator | 0.0 | 135 | - | - | \PIPE\epmapper
Microsoft Event Log Service | 0.0 | - | - | - | \PIPE\eventlog
Microsoft Local Security Architecture | 0.0 | - | - | - | \PIPE\lsarpc
Microsoft Network Logon | 1.0 | - | - | - | \PIPE\NETLOGON
Microsoft Registry | 1.0 | - | - | - | \PIPE\winreg
Microsoft Scheduler Control Service | 1.0 | - | - | - | \PIPE\atsvc
Microsoft Security Account Manager | 1.0 | 49154 | - | - | \PIPE\samr, \pipe\lsass
Microsoft Server Service | 3.0 | - | - | - | \PIPE\srvsvc
Microsoft Service Control Service | 2.0 | 55177 | - | - | \PIPE\svcctl
Microsoft Spool Subsystem | 1.0 | 49164 | - | - | -
Microsoft Task Scheduler | 1.0 | - | - | - | \PIPE\atsvc
Microsoft Workstation Service | 1.0 | - | - | - | \PIPE\wkssvc
WinHttp Auto-Proxy Service | 5.1 | - | - | - | \PIPE\W32TIME_ALT, \PIPE\wkssvc
(Unknown Service) | 1.0 | 135 | - | - | -
(Unknown Service) | 0.0 | 135 | - | - | -
(Unknown Service) | 2.0 | 135 | - | - | -
RPC ROUTER SERVICE | 1.0 | - | - | - | \PIPE\ROUTER
Impl friendly name | 1.0 | 49155 | - | - | \pipe\lsass, \PIPE\ROUTER, \PIPE\srvsvc, \PIPE\atsvc
(Unknown Service) | 1.0 | 49152 | - | - | \PIPE\InitShutdown
(Unknown Service) | 1.0 | - | - | - | \PIPE\InitShutdown
DHCP Client LRPC Endpoint | 1.0 | 49153 | - | - | \pipe\eventlog
DHCPv6 Client LRPC Endpoint | 1.0 | 49153 | - | - | \pipe\eventlog
Event log TCPIP | 1.0 | 49153 | - | - | \pipe\eventlog
(Unknown Service) | 1.0 | 49155 | - | - | \PIPE\ROUTER, \PIPE\srvsvc, \PIPE\atsvc
IKE/Authip API | 1.0 | 49155 | - | - | \PIPE\atsvc
(Unknown Service) | 1.0 | 49155 | - | - | \PIPE\atsvc
Remote Fw APIs | 1.0 | 49164 | - | - | -
Unimodem LRPC Endpoint | 1.0 | - | - | - | \pipe\tapsrv
Frs2 Service | 1.0 | 55196 | - | - | -
Expand Severity Title Port/Service
2
Host Uptime Based on TCP TimeStamp Option
QID:
82063
Category:
TCP/IP
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/29/2007
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The TCP/IP stack on the host supports the TCP TimeStamp (kind 8) option. Typically the timestamp used is the host's uptime (since last reboot) in various units (e.g., one hundredth of a second, one tenth of a second, etc.). Based on this, we can obtain the host's uptime. The result is given in the Result section below.

Some operating systems (e.g., MacOS, OpenBSD) use a non-zero, probably random, initial value for the timestamp. For these operating systems, the uptime obtained does not reflect the actual uptime of the host; the former is always larger than the latter.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Based on TCP timestamps obtained via port 135, the host's uptime is 29 days, 13 hours, and 49 minutes.
The TCP timestamps from the host are in units of 10 milliseconds.
Expand Severity Title Port/Service
2
Real Name of Built-in Guest Account Enumerated
QID:
90266
Category:
Windows
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
08/30/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Microsoft best practices documents recommend renaming the built-in Guest account. This test enumerates the actual name of the built-in Guest account.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Guest
Expand Severity Title Port/Service
1
DNS Host Name
QID:
6
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/01/1999
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The fully qualified domain name of this host, if it was obtained from a DNS server, is displayed in the RESULT section.
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
IP address | Host name
152.2.41.165 | cas-py-dfs1b.ad.unc.edu
Expand Severity Title Port/Service
1
Firewall Detected
QID:
34011
Category:
Firewall
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
10/16/2001
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
A packet filtering device protecting this IP was detected. This is likely to be a firewall or a router using access control lists (ACLs).
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Some of the ports filtered by the firewall are: 2869.
Firewall responded to TCP probes sent to port 21 with RST packets (hopcount to firewall 2 vs hopcount to target 5).
Expand Severity Title Port/Service
1
Network Adapter MAC Address
QID:
43007
Category:
Hardware
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
11/29/2004
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
It is possible to obtain the MAC address information of the network adapters on the target system. Various sources such as SNMP and NetBIOS provide such information. This vulnerability test attempts to gather and report on this information in a table format.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Method | MAC Address | Vendor
NBTSTAT | 00:22:19:2C:6F:AA | -
Expand Severity Title Port/Service
1
Target Network Information
QID:
45004
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
08/15/2013
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The information shown in the Result section was returned by the network infrastructure responsible for routing traffic from our cloud platform to the target network (where the scanner appliance is located).

This information was returned from: 1) the WHOIS service, or 2) the infrastructure provided by the closest gateway server to our cloud platform. If your ISP is routing traffic, your ISP's gateway server returned this information.

IMPACT:
This information can be used by malicious users to gather more information about the network infrastructure that may help in launching attacks against it.
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
The network handle is: UNCCH-NET
Network description:
University of North Carolina at Chapel Hill
Expand Severity Title Port/Service
1
Internet Service Provider
QID:
45005
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
08/15/2013
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The information shown in the Result section was returned by the network infrastructure responsible for routing traffic from our cloud platform to the target network (where the scanner appliance is located).

This information was returned from: 1) the WHOIS service, or 2) the infrastructure provided by the closest gateway server to our cloud platform. If your ISP is routing traffic, your ISP's gateway server returned this information. This information was gathered using the WHOIS service for the network and is believed to be the ISP of the target network.

IMPACT:
This information can be used by malicious users to gather more information about the network infrastructure that may aid in launching further attacks against it.
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
The ISP network handle is: UNCCH-NET
ISP Network description:
University of North Carolina at Chapel Hill
Expand Severity Title Port/Service
1
Traceroute
QID:
45006
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/09/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Traceroute describes the path in realtime from the scanner to the remote host being contacted. It reports the IP addresses of all the routers in between.
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Hops | IP | Round Trip Time | Probe
1 | 152.2.20.1 | 0.40ms | ICMP
2 | 152.19.253.105 | 0.87ms | ICMP
3 | 152.19.255.254 | 0.97ms | ICMP
4 | 152.19.255.210 | 1.02ms | ICMP
5 | 152.2.41.165 | 1.47ms | ICMP
Expand Severity Title Port/Service
1
Disabled Accounts Enumerated From SAM Database
QID:
45027
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
10/29/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The Security Accounts Manager holds user and machine account information. The scanner found at least one disabled user or machine account in the SAM database for the target Windows machine. The accounts found are listed in the Results section.
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Disabled User/Machine Accounts:
Guest
Expand Severity Title Port/Service
1
Administrator Account's Real Name Found From LSA Enumeration
QID:
45032
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
02/17/2004
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
LSA (Local Security Authority Database) is a protected subsystem that authenticates and logs users onto the local system.

Windows systems by default have the administrator account's name configured as "Administrator". This can very easily be changed to a non-default value (like root, for example) to harden security against password bruteforcing.

LSA, internally, refers to user accounts by what are called RIDs (Relative IDs) instead of the friendlier names (like "Administrator") used only for GUI and display purposes. The administrator account on any Windows system always has a RID of 500, even if the name has been changed.

The scanner probed the LSA for the name that maps to the RID of 500, which is the administrator account name, changed or unchanged. The name is listed in the Result section below.

SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
cas.admin
Expand Severity Title Port/Service
1
Host Scan Time
QID:
45038
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
11/18/2004
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The Host Scan Time is the period of time it takes the scanning engine to perform the vulnerability assessment of a single target host. The Host Scan Time for this host is reported in the Result section below.

The Host Scan Time does not have a direct correlation to the Duration time as displayed in the Report Summary section of a scan results report. The Duration is the period of time it takes the service to perform a scan task. The Duration includes the time it takes the service to scan all hosts, which may involve parallel scanning. It also includes the time it takes for a scanner appliance to pick up the scan task and transfer the results back to the service's Secure Operating Center. Further, when a scan task is distributed across multiple scanners, the Duration includes the time it takes to perform parallel host scanning on all scanners.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Scan duration: 700 seconds

Start time: Sat, Mar 23 2013, 15:00:56 GMT

End time: Sat, Mar 23 2013, 15:12:36 GMT
Expand Severity Title Port/Service
1
Host Names Found
QID:
45039
Category:
Information gathering
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
02/14/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The following host names were discovered for this computer using various methods such as DNS look up, NetBIOS query, and SQL server name query.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Host Name | Source
CAS-PY-DFS1B.ad.unc.edu | NTLM DNS
cas-py-dfs1b.ad.unc.edu | FQDN
CAS-PY-DFS1B | NTLM NetBIOS
CAS-PY-DFS1B | NetBIOS
Expand Severity Title Port/Service
1
Windows Authentication Method
QID:
70028
Category:
SMB / NETBIOS
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
12/09/2008
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Windows authentication was performed. The Results section in your detailed results includes a list of authentication credentials used.

The service also attempts to authenticate using common credentials. You should verify that the credentials used for successful authentication were those that were provided in the Windows authentication record. User-provided credentials failed if the discovery method shows "Unable to log in using credentials provided by user, fallback to NULL session". If this is the case, verify that the credentials specified in the Windows authentication record are valid for this host.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
User Name: DOM qualys.scn
Domain: AD
Authentication Scheme: Kerberos
Security: User-based
SMBv1 Signing: Disabled
Discovery Method: Login credentials provided by user
Authentication Record: AD.UNC.EDU Credentials
CIFS Version: SMB v2.002
Expand Severity Title Port/Service
1
Windows Authentication Method for User-Provided Credentials
QID:
70053
Category:
SMB / NETBIOS
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
11/05/2009
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Windows authentication was performed and successful with user-provided credentials. The Results section in your detailed results includes a list of authentication credentials used.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
User Name: DOM qualys.scn
Domain: AD
Authentication Scheme: Kerberos
Security: User-based
SMBv1 Signing: Disabled
Authentication Record: AD.UNC.EDU Credentials
Expand Severity Title Port/Service
1
Open UDP Services List
QID:
82004
Category:
TCP/IP
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
07/11/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
A port scanner was used to draw a map of all the UDP services on this host that can be accessed from the Internet.

Note that if the host is behind a firewall, there is a small chance that the list includes a few ports that are filtered or blocked by the firewall but are not actually open on the target host. This (false positive on UDP open ports) may happen when the firewall is configured to reject UDP packets for most (but not all) ports with an ICMP Port Unreachable packet. This may also happen when the firewall is configured to allow UDP packets for most (but not all) ports through and filter/block/drop UDP packets for only a few ports. Both cases are uncommon.

IMPACT:
Unauthorized users can exploit this information to test vulnerabilities in each of the open services.
SOLUTION:
Shut down any unknown or unused service on the list. If you have difficulty working out which service is provided by which process or program, contact your provider's support team. For more information about commercial and open-source Intrusion Detection Systems available for detecting port scanners of this kind, visit the CERT Web site.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Port | IANA Assigned Ports/Services | Description | Service Detected
111 | sunrpc | SUN Remote Procedure Call | rpc udp
123 | ntp | Network Time Protocol | unknown
137 | netbios-ns | NETBIOS Name Service | netbios ns
138 | netbios-dgm | NETBIOS Datagram Service | unknown
500 | isakmp | isakmp | unknown
1039 | unknown | unknown | unknown
1047 | neod1 | Sun's NEO Object Request Broker | unknown
1048 | neod2 | Sun's NEO Object Request Broker | unknown
2049 | nfs | Network File System - Sun Microsystems | nfs
Expand Severity Title Port/Service
1
Open TCP Services List
QID:
82023
Category:
TCP/IP
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
06/15/2009
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The port scanner enables unauthorized users with the appropriate tools to draw a map of all services on this host that can be accessed from the Internet. The test was carried out with a "stealth" port scanner so that the server does not log real connections.

The Results section displays the port number (Port), the default service listening on the port (IANA Assigned Ports/Services), the description of the service (Description) and the service that the scanner detected using service discovery (Service Detected).

IMPACT:
Unauthorized users can exploit this information to test vulnerabilities in each of the open services.
SOLUTION:
Shut down any unknown or unused service on the list. If you have difficulty figuring out which service is provided by which process or program, contact your provider's support team. For more information about commercial and open-source Intrusion Detection Systems available for detecting port scanners of this kind, visit the CERT Web site.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Port | IANA Assigned Ports/Services | Description | Service Detected | OS On Redirected Port
111 | sunrpc | SUN Remote Procedure Call | rpc | -
135 | msrpc-epmap | epmap DCE endpoint resolution | DCERPC Endpoint Mapper | -
139 | netbios-ssn | NETBIOS Session Service | netbios ssn | -
445 | microsoft-ds | Microsoft-DS | microsoft-ds | -
1039 | unknown | unknown | rpc | -
1047 | neod1 | Sun's NEO Object Request Broker | rpc | -
1048 | neod2 | Sun's NEO Object Request Broker | rpc | -
1311 | rxmon | RxMon | http over ssl | -
2049 | nfs | Network File System - Sun Microsystems | rpc | -
3389 | ms-wbt-server | MS WBT Server | win remote desktop | -
47001 | unknown | unknown | http | -
49152 | unknown | unknown | unknown | -
49153 | unknown | unknown | unknown | -
49154 | unknown | unknown | unknown | -
49155 | unknown | unknown | unknown | -
49164 | unknown | unknown | unknown | -
55177 | unknown | unknown | unknown | -
55196 | unknown | unknown | unknown | -
Expand Severity Title Port/Service
1
ICMP Replies Received
QID:
82040
Category:
TCP/IP
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/16/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
ICMP (Internet Control and Error Message Protocol) is a protocol encapsulated in IP packets. ICMP's principal purpose is to provide a protocol layer that informs gateways of the inter-connectivity and accessibility of other gateways or hosts.

We have sent the following types of packets to trigger the host to send us ICMP replies:

Echo Request (to trigger Echo Reply)
Timestamp Request (to trigger Timestamp Reply)
Address Mask Request (to trigger Address Mask Reply)
UDP Packet (to trigger Port Unreachable Reply)
IP Packet with Protocol >= 250 (to trigger Protocol Unreachable Reply)

Listed in the "Result" section are the ICMP replies that we have received.

SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
ICMP Reply Type | Triggered By | Additional Information
Echo (type=0 code=0) | Echo Request | Echo Reply
Unreachable (type=3 code=3) | UDP Port 80 | Port Unreachable
Unreachable (type=3 code=3) | UDP Port 1046 | Port Unreachable
Unreachable (type=3 code=3) | UDP Port 5569 | Port Unreachable
Time Stamp (type=14 code=0) | Time Stamp Request | 15:03:19 GMT
Unreachable (type=3 code=3) | UDP Port 512 | Port Unreachable
Unreachable (type=3 code=3) | UDP Port 9 | Port Unreachable
Unreachable (type=3 code=3) | UDP Port 1049 | Port Unreachable
Unreachable (type=3 code=3) | UDP Port 21451 | Port Unreachable
Unreachable (type=3 code=2) | IP with High Protocol | Protocol Unreachable
Unreachable (type=3 code=3) | UDP Port 4000 | Port Unreachable
Unreachable (type=3 code=3) | UDP Port 1028 | Port Unreachable
Unreachable (type=3 code=3) | UDP Port 1037 | Port Unreachable
Expand Severity Title Port/Service
1
NetBIOS Host Name
QID:
82044
Category:
TCP/IP
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/20/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The NetBIOS host name of this computer has been detected.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
CAS-PY-DFS1B
Expand Severity Title Port/Service
1
Degree of Randomness of TCP Initial Sequence Numbers
QID:
82045
Category:
TCP/IP
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
11/19/2004
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
TCP Initial Sequence Numbers (ISNs) obtained in the SYNACK replies from the host are analyzed to determine how random they are. The average change between subsequent ISNs and the standard deviation from the average are displayed in the RESULT section. Also included is the degree of difficulty for exploitation of the TCP ISN generation scheme used by the host.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Average change between subsequent TCP initial sequence numbers is 1216669619 with a standard deviation of 745665195. These TCP initial sequence numbers were triggered by TCP SYN probes sent to the host at an average rate of 1/(7600 microseconds). The degree of difficulty to exploit the TCP initial sequence number generation scheme is: hard.
Expand Severity Title Port/Service
1
IP ID Values Randomness
QID:
82046
Category:
TCP/IP
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
07/27/2006
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The values for the identification (ID) field in IP headers in IP packets from the host are analyzed to determine how random they are. The changes between subsequent ID values for either the network byte ordering or the host byte ordering, whichever is smaller, are displayed in the RESULT section along with the duration taken to send the probes. When incremental values are used, as is the case for TCP/IP implementation in many operating systems, these changes reflect the network load of the host at the time this test was conducted.

Please note that for reliability reasons only the network traffic from open TCP ports is analyzed.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
IP ID changes observed (network order) for port 135: 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 2
Duration: 37 milli seconds
Expand Severity Title Port/Service
1
NetBIOS Workgroup Name Detected
QID:
82062
Category:
TCP/IP
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
06/02/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The NetBIOS workgroup or domain name for this system has been detected.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
AD
Expand Severity Title Port/Service
1
Windows Registry Key Access Denied
QID:
90195
Category:
Windows
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
03/24/2009
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Remote access to the following registry keys has been denied. Access to the Registry named pipe was successful, but remote access to the Registry keys in the Result section has been denied.
IMPACT:
Vulnerabilities that require registry key access may not have been detected during the scan. This QID can be used to debug authentication and permission issues with other QIDs. This QID is not a direct indication of problems or missing patches on the target system.
SOLUTION:
See the permissions assigned to the provided user authentication credentials. On Windows XP Professional use Classic for local network logins (default is Guest only, which prohibits Registry access). This may be set at Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\
HKLM\Software\Microsoft\Windows NT\
HKLM\Software\Microsoft\
HKLM\Software\
HKLM\Software\Microsoft\Windows\CurrentVersion\
HKLM\Software\Microsoft\Windows\
HKLM\SYSTEM\CurrentControlSet\Services\Qualys non existing key\
HKLM\SYSTEM\CurrentControlSet\Services\
HKLM\SYSTEM\CurrentControlSet\
HKLM\SYSTEM\
Expand Severity Title Port/Service
1
Microsoft Windows Network Level Authentication Disabled
QID:
90788
Category:
Windows
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
05/01/2013
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Microsoft Windows Network Level Authentication (NLA) is an authentication method that enhances the security of a Remote Desktop Session Host server by requiring the user to be authenticated before a session is created.

The registry key for the Network Level Authentication (NLA) is disabled.

Network Level Authentication is supported on Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2.

IMPACT:
Enabling NLA can help protect the remote computer from malicious users and malicious software attacks.
SOLUTION:
See Microsoft Knowledge Base Article 2671387 to use the automated Microsoft Fix it solution to enable this feature.

As a precaution, always test in a QA or rehearsal environment before rolling out to production.

Note: Client computers that do not support Credential Security Support Provider (CredSSP) protocol will not be able to access servers protected with Network Level Authentication. Windows XP does not support the CredSSP protocol by default.

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
QID: 90788 detected on port 3389 over TCP.
Expand Severity Title Port/Service
1
Default Web Page port 47001/tcp
QID:
12230
Category:
CGI
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
06/19/2006
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The Result section displays the default Web page for the Web server.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Sat, 23 Mar 2013 15:03:56 GMT
Connection: close
Content-Length: 315

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>Not Found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD>
<BODY><h2>Not Found</h2>
<hr><p>HTTP Error 404. The requested resource is not found.</p>
</BODY></HTML>
Expand Severity Title Port/Service
1
Web Server Version port 47001/tcp
QID:
86000
Category:
Web server
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/01/1999
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
N/A
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Server Version | Server Banner
_ | Microsoft-HTTPAPI/2.0
Expand Severity Title Port/Service
1
Default Web Page port 1311/tcp over SSL
QID:
12230
Category:
CGI
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
06/19/2006
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
The Result section displays the default Web page for the Web server.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Connection: Close
Content-Type: text/html; charset=UTF-8

<html>
<head>
<META http-equiv="Content-Type" content="text/html; charset=UTF-8">
<script language="javascript">
if (window != top) {
// Load page in the top frame.
top.location.href = window.location.href
}
// QueryString
//
function QueryString(key) {
var value = null;
for (var i = 0; i < QueryString.keys.length; i++) {
if (QueryString.keys[i]==key)
{
value = QueryString.values[i];
break;
}
}
return value;
}
QueryString.keys = new Array();
QueryString.values = new Array();

function QueryString_Parse()
{
var query = window.location.search.substring(1);
var pairs = query.split("&");

for (var i = 0;i < pairs.length; i++)
{
var pos = pairs[i].indexOf('=');
if (pos >= 0)
{
var argname = pairs[i].substring(0,pos);
Expand Severity Title Port/Service
1
SSL Server Information Retrieval port 1311/tcp over SSL
QID:
38116
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
07/28/2005
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:

The following is a list of supported SSL ciphers. Note: If a cipher is included in this list, it means that it was possible to establish an SSL connection using that cipher. Some web server setups allow connections to be established using a LOW grade cipher, only to provide a web page stating that the URL is accessible only through a non-LOW grade cipher. In this case, even though the LOW grade cipher will be listed here, QID 38140 will not be reported.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
SSLv2_PROTOCOL_IS_DISABLED _ _ _ _ _
SSLv3_PROTOCOL_IS_ENABLED _ _ _ _ _
SSLv3 COMPRESSION_METHOD None _ _ _
EDH-RSA-DES-CBC3-SHA DH RSA SHA1 3DES(168)_ HIGH_
DES-CBC3-SHA RSA RSA SHA1 3DES(168)_ HIGH_
DHE-RSA-AES128-SHA DH RSA SHA1 AES(128)_ MEDIUM_
AES128-SHA RSA RSA SHA1 AES(128)_ MEDIUM_
RC4-SHA RSA RSA SHA1 RC4(128)_ MEDIUM_
RC4-MD5 RSA RSA MD5 RC4(128)_ MEDIUM_
EDH-RSA-DES-CBC-SHA DH RSA SHA1 DES(56)_ LOW_
DES-CBC-SHA RSA RSA SHA1 DES(56)_ LOW_
EXP-EDH-RSA-DES-CBC-SHA DH(512) RSA SHA1 DES(40)_ LOW_
EXP-DES-CBC-SHA RSA(512) RSA SHA1 DES(40)_ LOW_
EXP-RC4-MD5 RSA(512) RSA MD5 RC4(40)_ LOW_
TLSv1_PROTOCOL_IS_ENABLED _ _ _ _ _
TLSv1 COMPRESSION_METHOD None _ _ _
EDH-RSA-DES-CBC3-SHA DH RSA SHA1 3DES(168) _HIGH_
DES-CBC3-SHA RSA RSA SHA1 3DES(168) _HIGH_
DHE-RSA-AES128-SHA DH RSA SHA1 AES(128) _MEDIUM_
AES128-SHA RSA RSA SHA1 AES(128) _MEDIUM_
RC4-SHA RSA RSA SHA1 RC4(128) _MEDIUM_
RC4-MD5 RSA RSA MD5 RC4(128) _MEDIUM_
EDH-RSA-DES-CBC-SHA DH RSA SHA1 DES(56) _LOW_
DES-CBC-SHA RSA RSA SHA1 DES(56) _LOW_
EXP-EDH-RSA-DES-CBC-SHA DH(512) RSA SHA1 DES(40) _LOW_
EXP-DES-CBC-SHA RSA(512) RSA SHA1 DES(40) _LOW_
EXP-RC4-MD5 RSA(512) RSA MD5 RC4(40) _LOW_
Expand Severity Title Port/Service
1
SSL Session Caching Information port 1311/tcp over SSL
QID:
38291
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
09/16/2004
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
An SSL session is a collection of security parameters that are negotiated by the SSL client and server for each SSL connection. SSL session caching is intended to reduce the overhead of negotiations in recurring SSL connections. SSL sessions can be reused to resume an earlier connection or to establish multiple simultaneous connections. The client suggests an SSL session to be reused by identifying the session with a Session-ID during the SSL handshake. If the server finds it appropriate to reuse the session, then they both proceed to secure communication with the already known security parameters.

This test determines if SSL session caching is enabled on the host.

IMPACT:
SSL session caching is part of the SSL and TLS protocols and is not a security threat. The result of this test is for informational purposes only.
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
SSLv3 session caching is enabled on the target.
TLSv1 session caching is enabled on the target.
Expand Severity Title Port/Service
1
SSL/TLS invalid protocol version tolerance port 1311/tcp over SSL
QID:
38597
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
02/13/2012
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
SSL/TLS protocols have different versions that can be supported by both the client and the server. This test sends invalid protocol versions to the target to determine how the target behaves. The results section contains a table showing the target's response to each test.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
my version    target version
0304          0301
0399          0301
0400          rejected
0499          rejected
Expand Severity Title Port/Service
1
SSL Certificate will expire within next six months port 1311/tcp over SSL
QID:
38600
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
12/26/2012
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Certificates are used for authentication purposes in different protocols such as SSL/TLS. Each certificate has a validity period outside of which it is supposed to be considered invalid. This QID is reported to inform that a certificate will expire within the next six months. The advance notice can be helpful since obtaining a certificate can take some time.
IMPACT:
Expired certificates can cause connection disruptions or compromise the integrity and privacy of the connections being protected by certificates.
SOLUTION:
Contact the certificate authority that signed your certificate to arrange for a renewal.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Certificate #0 CN=CAS-PY-DFS1B,O=Dell_Inc,OU=SA_Enterprise_Software_Development,L=Round_Rock,ST=TX,C=US The certificate will expire within six months: Jun 2 13:49:28 2013 GMT
Expand Severity Title Port/Service
1
TLS Secure Renegotiation Extension Supported port 1311/tcp over SSL
QID:
42350
Category:
General remote services
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
12/01/2011
User Modified:
-
Edited:
No
PCI Vuln:
No
THREAT:
Secure Socket Layer (SSL) and Transport Layer Security (TLS) renegotiation are vulnerable to an attack in which the attacker forms a TLS connection with the target server, injects content of his choice, and then splices in a new TLS connection from a client. The server treats the client's initial TLS handshake as a renegotiation and thus believes that the initial data transmitted by the attacker is from the same entity as the subsequent client data. The TLS protocol was extended to cryptographically tie renegotiations to the TLS connections they are being performed over. This is referred to as the TLS secure renegotiation extension. This detection determines whether the TLS secure renegotiation extension is supported by the server or not.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
TLS Secure Renegotiation Extension Status: not supported.
Expand Severity Title Port/Service
1
SSL Certificate - Information port 1311/tcp over SSL
QID:
86002
Category:
Web server
CVE ID:
-
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
01/23/2003
User Modified:
-
Edited:
No
PCI Vuln:
No
SOLUTION:
 
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
NAME                         VALUE
(0)CERTIFICATE 0
(0)Version                   3 (0x2)
(0)Serial Number             1307108968 (0x4de8e668)
(0)Signature Algorithm       sha1WithRSAEncryption
(0)ISSUER NAME
countryName                  US
stateOrProvinceName          TX
localityName                 Round Rock
organizationalUnitName       SA Enterprise Software Development
organizationName             Dell Inc
commonName                   CAS-PY-DFS1B
(0)SUBJECT NAME
countryName                  US
stateOrProvinceName          TX
localityName                 Round Rock
organizationalUnitName       SA Enterprise Software Development
organizationName             Dell Inc
commonName                   CAS-PY-DFS1B
(0)Valid From                Jun 3 13:49:28 2011 GMT
(0)Valid Till                Jun 2 13:49:28 2013 GMT
(0)Public Key Algorithm      rsaEncryption
(0)RSA Public Key            (1024 bit)
(0)                          Public-Key: (1024 bit)
(0)                          Modulus:
(0) Exponent: 65537 (0x10001)
(0)Signature                 (128 octets)